On 12/02/2010 12:44 PM, Tony Molloy wrote:
> On Thursday 02 December 2010 17:37:54 m.roth@xxxxxxxxx wrote:
>> Tony Molloy wrote:
>>> On Thursday 02 December 2010 15:56:59 m.roth@xxxxxxxxx wrote:
>>>> Daniel J Walsh wrote:
>>>>> On 12/02/2010 09:35 AM, Tony Molloy wrote:
>>>>>> Hi,
>>>>>>
>>>>>> I'm running http on a fully updated Centos 5 system.
>>>>>>
>>>>>> httpd-2.2.3-43.el5.centos.3.x86_64
>>>>>> selinux-policy-2.4.6-279.el5_5.2.noarch
>>>>>> selinux-policy-targeted-2.4.6-279.el5_5.2.noarch
>>>>>>
>>>>>> I'm trying to run a cgi script from a user directory.
>>>>
>>>> <MVNCH>
>>>>
>>>>> Do you have httpd_suexec_disable_trans turned on?
>>>>
>>>> Actually, what bothers me is trying to run a .cgi from a user's
>>>> directory. Can't you create a directory ->under the apache
>>>> <Directory><- that the users can put scripts in for testing?
>>>> (I assume that once they're good, they go into the real
>>>> production location for .cgi.)
>>>
>>> Not so easily done ;-)
>>>
>>> This is a University environment with several hundred faculty/students
>>> wanting to use this server to run/check assignments. So they have ftp
>>> accounts where they can upload any scripts to their public_html
>>> directory and run them from there.
>>
>> I figured it was something like that. What I was thinking was
>>
>> /var/www/html/public_cgi/<students' directories>
>> which would put them in a *legitimate* place for apache to be happy with,
>> and which selinux would be happy with.
>>
>> You *might* need to add them to a group named something like pubcgi, and
>> make the above group acceptable to selinux and apache.
>>
>> mark
>
> Interesting idea. I could give it a try next semester.
>
> Thanks,
>
> Tony
>>
>> --
>> selinux mailing list
>> selinux@xxxxxxxxxxxxxxxxxxxxxxx
>> https://admin.fedoraproject.org/mailman/listinfo/selinux

It should not be necessary. public_html labeled correctly will work. The
problem you are seeing is that this boolean was set causing suexec to not
work.