At 09:24 AM 11/21/2017, Jonathan Billings wrote:
On Nov 21, 2017, at 11:42, david <david@xxxxxxxx> wrote:
>
> Folks
>
> I'm having file-access problems in Apache 2.4
under Centos 7. In particular:
>
> - I have a file that's readable to every user
and every application, (writeable by only one
user), but my CGI scripts cannot read it.
>
> - Some of my CGI scripts need temporary
storage for some files. They are, for example,
some internal log files, tnat get cleaned up
over time, but I want to be able to look at
them (as root). Where would you suggest they
be placed? I've tried /tmp/my_private_files/,
and /var/tmp/my_private_files/, but Apache fails to find even the directory.
>
> Here's some extra information
> SELINUX is disabled.
>
> I modified my CGI script to report where in
the path to /tmp/my_private_files/temp_log.log
the process failed. The Perl code I ran is:
>
>
> my $x = "";
> print STDERR "Trying to read /tmp/ramdisk/keys.txt\n";
> for (split /\//, "/tmp/ramdisk/keys.txt") {
> next unless $_;
> $x .= "/$_";
> print STDERR "Test $x, " , (-e $x?"exists":"does not exist"), "\n";
> }
>
> And the output in the http error log for this
virtual user, (timestamp and other error log data stripped) was:
>
> AH01215: Trying to read /tmp/ramdisk/keys.txt
> AH01215: Test /tmp, exists
> AH01215: Test /tmp/ramdisk, does not exist
> AH01215: Test /tmp/ramdisk/keys.txt, does not exist
>
> Using the "dir -l" command as root, I discover:
>
> dir -l / | grep tmp
> drwxrwxrwt. 16 root root 4096 Nov 21 08:35 tmp
>
> dir -l /tmp | grep ramdisk
> drwxrwxrwt 2 root root 140 Nov 21 08:35 ramdisk
>
> dir -l /tmp/ramdisk | grep keys.txt
> -rw-r--r-- 1 user1 user1 11829 Nov 21 08:29 keys.txt
>
>
> Any suggestions?
>
The httpd.servicce unit in c7 has:
PrivateTmp=true
Which means that Apache has its own private /tmp
namespace. So itâ??s probably working, just not where you expect.
Donâ??t use /tmp in CGIs.
(And donâ??t disable selinux, particularly for web apps)
--
Jonathan Billings
Jonathan
Thanks for the advice. If you recommend NOT to
use /tmp for cgi temporaries, where would you put
them and how to name them? And about SELINUX,
I'll consider that, but I'd like to get this working without SELINUX first.
And where should I put "globally readable"
files? These files need to be readable by all
users (including Apache), but writeable only by
one user. In the past, I've placed them in a Ram
disk since I don't want them to survive a
power--off, and mounted that "device" directory
in /tmp/ramdisk. It was working perfectly in
Centos 5, 6 and 7, with Centos 7 failing within
the past week or so. I do "yum update" every night.
David
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
