Re: File access in Apache 2.4 (clarification)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



At 09:24 AM 11/21/2017, Jonathan Billings wrote:
On Nov 21, 2017, at 11:42, david <david@xxxxxxxx> wrote:
>
> Folks
>
> I'm having file-access problems in Apache 2.4 under Centos 7. In particular:
>
> - I have a file that's readable to every user and every application, (writeable by only one user), but my CGI scripts cannot read it.
>
> - Some of my CGI scripts need temporary storage for some files. They are, for example, some internal log files, tnat get cleaned up over time, but I want to be able to look at them (as root). Where would you suggest they be placed? I've tried /tmp/my_private_files/, and /var/tmp/my_private_files/, but Apache fails to find even the directory.
>
> Here's some extra information
> SELINUX is disabled.
>
> I modified my CGI script to report where in the path to /tmp/my_private_files/temp_log.log the process failed. The Perl code I ran is:
>
>
>  my $x = "";
>  print STDERR "Trying to read /tmp/ramdisk/keys.txt\n";
>  for (split /\//, "/tmp/ramdisk/keys.txt") {
>    next unless $_;
>    $x .= "/$_";
>    print STDERR "Test $x, " , (-e $x?"exists":"does not exist"), "\n";
>  }
>
> And the output in the http error log for this virtual user, (timestamp and other error log data stripped) was:
>
> AH01215: Trying to read /tmp/ramdisk/keys.txt
> AH01215: Test /tmp, exists
> AH01215: Test /tmp/ramdisk, does not exist
> AH01215: Test /tmp/ramdisk/keys.txt, does not exist
>
> Using the "dir -l" command as root, I discover:
>
> dir -l / | grep tmp
> drwxrwxrwt.  16 root root  4096 Nov 21 08:35 tmp
>
> dir -l /tmp | grep ramdisk
> drwxrwxrwt  2 root root    140 Nov 21 08:35 ramdisk
>
> dir -l /tmp/ramdisk | grep keys.txt
> -rw-r--r-- 1 user1 user1 11829 Nov 21 08:29 keys.txt
>
>
> Any suggestions?
>

The httpd.servicce unit in c7 has:
PrivateTmp=true

Which means that Apache has its own private /tmp namespace. So itâ??s probably working, just not where you expect.


Donâ??t use /tmp in CGIs.

(And donâ??t disable selinux, particularly for web apps)
--
Jonathan Billings


Jonathan
Thanks for the advice. If you recommend NOT to use /tmp for cgi temporaries, where would you put them and how to name them? And about SELINUX, I'll consider that, but I'd like to get this working without SELINUX first.

And where should I put "globally readable" files? These files need to be readable by all users (including Apache), but writeable only by one user. In the past, I've placed them in a Ram disk since I don't want them to survive a power--off, and mounted that "device" directory in /tmp/ramdisk. It was working perfectly in Centos 5, 6 and 7, with Centos 7 failing within the past week or so. I do "yum update" every night.

David
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux