On 12/02/2010 06:47 PM, Daniel J Walsh wrote:
> On 12/02/2010 12:44 PM, Tony Molloy wrote:
>> On Thursday 02 December 2010 17:37:54 m.roth@xxxxxxxxx wrote:
>>> Tony Molloy wrote:
>>>> On Thursday 02 December 2010 15:56:59 m.roth@xxxxxxxxx wrote:
>>>>> Daniel J Walsh wrote:
>>>>>> On 12/02/2010 09:35 AM, Tony Molloy wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> I'm running http on a fully updated Centos 5 system.
>>>>>>>
>>>>>>> httpd-2.2.3-43.el5.centos.3.x86_64
>>>>>>> selinux-policy-2.4.6-279.el5_5.2.noarch
>>>>>>> selinux-policy-targeted-2.4.6-279.el5_5.2.noarch
>>>>>>>
>>>>>>> I'm trying to run a cgi script from a user directory.
>>>>>
>>>>> <MVNCH>
>>>>>
>>>>>> Do you have httpd_suexec_disable_trans turned on?
>>>>>
>>>>> Actually, what bothers me is trying to run a .cgi from a user's
>>>>> directory. Can't you create a directory ->under the apache
>>>>> <Directory><- that the users can put scripts in for testing?
>>>>> (I assume that once they're good, they go into the real
>>>>> production location for .cgi.)
>>>>
>>>> Not so easily done ;-)
>>>>
>>>> This is a University environment with several hundred faculty/students
>>>> wanting to use this server to run/check assignments. So they have ftp
>>>> accounts where they can upload any scripts to their public_html
>>>> directory and run them from there.
>>>
>>> I figured it was something like that. What I was thinking was
>>>
>>> /var/www/html/public_cgi/<students' directories>
>>> which would put them in a *legitimate* place for apache to be happy with,
>>> and which selinux would be happy with.
>>>
>>> You *might* need to add them to a group named something like pubcgi, and
>>> make the above group acceptable to selinux and apache.
>>>
>>> mark
>
>> Interesting idea. I could give it a try next semester.

Not sure if suexec would work if you set it up that way. I've ~/public_html/cgi-bin ~/(httpd_user_content_t/(httpd_user_script_exec_t) and works just dandy with suexec.

>
>> Thanks,
>
>> Tony
>
> It should not be necessary. public_html labeled correctly will work.
> The problem you are seeing is that this boolean was set causing suexec
> to not work.

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux