Hi, I've got a problem with Apache 2 + NFS + LDAP + CGI's. My setup is as follows: Machine 1: NFS & LDAP server (web storage is mounted from this volume) Machine 2: Apache 2.2.8 Machine 3: Apache 2.2.8 Machine 4: Apache 2.2.8 There is also a few other machines in the cluster, but they're irrelevant to this problem (SQL servers, etc). All the machines run Linux (Debian testing) 2.6.24.6 at the moment. NFS: The web root is mounted from machine 1 on machines 2 through 4. I'm using the NFS kernel server V3. The export has got: /www 10.0.0.7(rw,sync,subtree_check,no_root_squash,no_all_squash) The mount(s) have got: 10.0.0.6:/www /www nfs rw,hard,intr,user,tcp 0 0 I have verified I can copy files to and from the NFS share from the clients (2-4). I can also su to the apache user (apache) on the client and run perl scripts from within the NFS shared directories, the same goes for su'ing to any specific user and running the scripts as the user. The apache user is the same across machine 2-4 as it's pulled in via LDAP. Apache: Sample virtual host configuration: <VirtualHost 209.172.X.X:80> ServerName DOMAIN.co.uk ServerAlias *.DOMAIN.co.uk ScriptAlias /scripts/ /www/advice114/scripts/ AddType application/x-httpd-php .php DocumentRoot /www/advice114/html ErrorDocument 404 /scripts/common/404.pl RewriteEngine on RewriteOptions inherit </VirtualHost> Suexec is not enabled. Perl is 5.8.8 from apt. perl-suid is installed. I do authentication via openldap & pam (slapd server-side) which is working problem free from machine 2-4. Web 2-4 have only got administrative accounts on them, but pulls in the web user accounts no problem (also tested enabling shell for one and logged in no problems). The problem: I can't run perl scripts for the life of me. I get the following error in the error log and that's it: [Fri May 09 14:05:39 2008] [error] [client 83.104.229.109] (13)Permission denied: exec of '/www/advice120/scripts/rand_img01.pl' failed but: web2:/usr/local/apache2/logs# ls -la /home2/advice120/scripts/rand_img01.pl -r-xr-xr-x 1 advice120 advice120 1306 2008-05-07 12:48 /home2/advice120/scripts/rand_img01.pl Output from ldapsearch (# lines cropped): web2:/usr/local/apache2/logs# ldapsearch -x uid=advice120 dn: uid=advice120,ou=People,dc=X,dc=co,dc=uk uid: advice120 cn: advice120 objectClass: account objectClass: posixAccount objectClass: top objectClass: shadowAccount shadowMax: 99999 shadowWarning: 7 loginShell: /bin/sftpsh uidNumber: 8497 gidNumber: 8497 homeDirectory: /www/advice120 gecos: ,X search: 2 result: 0 Success Anyone have any idea why my perl cgi's won't execute? I think I've tried everything I can think of, I've read docs, I've JFGI'ed it, and no avail. The script can be read and executed on the server as the correct user, but apache won't do it. Is this a problem with Apache <> LDAP for getting permissions? :( if anyone needs any more info I can supply virtually any info you need re; the setup. thanks for your time! -- Henric Blomgren --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|