I would recommend running system-config-securitylevel to see what SELinux booleans are in place for httpd. Depending on what your script is actually doing, you may have to make more then one modification. Jay Berryman, RHCT, RHCE Systems Engineer Phone: (402)-963-6347 E-Mail: Jay.Berryman@xxxxxxxxx This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient, or the authorized agent of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify SITEL immediately by telephone at 402.963.6001 and delete the message and any attachments from your system. Thank you for your cooperation. -----Original Message----- From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Bill Tangren Sent: Monday, November 06, 2006 12:39 PM To: General Red Hat Linux discussion list Subject: Re: apache selinx problem Jay Berryman wrote: > What avc error messages do you see in /var/log/messages? > Nov 6 13:35:41 doggett kernel: audit(1162838141.073:45): avc: denied { execute_no_trans } for pid=17313 comm="httpd" name="aa_geocentric.pl" dev=hda2 ino=1839292 scontext=root:system_r:httpd_t tcontext=system_u:object_r:httpd_sys_script_exec_t tclass=file > Jay Berryman, RHCT, RHCE > Systems Engineer > Phone: (402)-963-6347 > E-Mail: Jay.Berryman@xxxxxxxxx > > > This message and any attachments are intended only for the use of the > addressee and may contain information that is privileged and > confidential. If the reader of the message is not the intended > recipient, or the authorized agent of the intended recipient, you are > hereby notified that any dissemination of this communication is strictly > prohibited. If you have received this communication in error, please > notify SITEL immediately by telephone at 402.963.6001 and delete the > message and any attachments from your system. Thank you for your > cooperation. > > > > > -----Original Message----- > From: redhat-list-bounces@xxxxxxxxxx > [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Bill Tangren > Sent: Monday, November 06, 2006 12:11 PM > To: General Red Hat Linux discussion list > Subject: apache selinx problem > > I am having a perplexing apache problem, probably caused by incorrect > permissions on files and/or directories. > > I three web servers. One does not run on a server that uses SELinux. The > other > two do. One of them executes scripts just fine. The other does not. This > is the > error I get: > > [Mon Nov 06 12:54:45 2006] [error] [client 10.1.5.58] (13)Permission > denied: > exec of '/home/httpd/cgi-bin/aa_geocentric.pl' failed > [Mon Nov 06 12:54:45 2006] [error] [client 10.1.5.58] Premature end of > script > headers: aa_geocentric.pl > > > The script is located in /home/httpd/cgi-bin. [The same script is > located on the > other two servers, and works just fine.] This is what I get when looking > at > permissions. > > # ll -Z /home > drwxr-xr-x apache AA system_u:object_r:httpd_sys_content_t > httpd > > # ll -Z /home/httpd > drwxrwxr-x apache AA system_u:object_r:httpd_sys_script_exec_t > cgi-bin > > # ll -Z /home/httpd/aa_geocentric.pl > -rwxrwxr-x apache AA system_u:object_r:httpd_sys_script_exec_t > aa_geocentric.pl > > "AA" is my department's user's group. > > I can log into the server and run the script from the command line just > fine. > > Html seems to render just fine. The problem is with cgi scripts. I've > tried UNIX > shell scripts, and I get the same problem. > > Any ideas what the problem might be? > > TIA, > Bill Tangren > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
