RE: apache selinx problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I would recommend running system-config-securitylevel to see what
SELinux booleans are in place for httpd.  Depending on what your script
is actually doing, you may have to make more then one modification.  

Jay Berryman, RHCT, RHCE
Systems Engineer
Phone:  (402)-963-6347
E-Mail:  Jay.Berryman@xxxxxxxxx
 

This message and any attachments are intended only for the use of the
addressee and may contain information that is privileged and
confidential. If the reader of the message is not the intended
recipient, or the authorized agent of the intended recipient, you are
hereby notified that any dissemination of this communication is strictly
prohibited. If you have received this communication in error, please
notify SITEL immediately by telephone at 402.963.6001 and delete the
message and any attachments from your system. Thank you for your
cooperation.

 
 

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx
[mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Bill Tangren
Sent: Monday, November 06, 2006 12:39 PM
To: General Red Hat Linux discussion list
Subject: Re: apache selinx problem

Jay Berryman wrote:
> What avc error messages do you see in /var/log/messages?
> 

Nov  6 13:35:41 doggett kernel: audit(1162838141.073:45): avc:  denied
{ 
execute_no_trans } for  pid=17313 comm="httpd" name="aa_geocentric.pl"
dev=hda2 
ino=1839292 scontext=root:system_r:httpd_t 
tcontext=system_u:object_r:httpd_sys_script_exec_t tclass=file


> Jay Berryman, RHCT, RHCE
> Systems Engineer
> Phone:  (402)-963-6347
> E-Mail:  Jay.Berryman@xxxxxxxxx
>  
> 
> This message and any attachments are intended only for the use of the
> addressee and may contain information that is privileged and
> confidential. If the reader of the message is not the intended
> recipient, or the authorized agent of the intended recipient, you are
> hereby notified that any dissemination of this communication is
strictly
> prohibited. If you have received this communication in error, please
> notify SITEL immediately by telephone at 402.963.6001 and delete the
> message and any attachments from your system. Thank you for your
> cooperation.
> 
>  
>  
> 
> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx
> [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Bill Tangren
> Sent: Monday, November 06, 2006 12:11 PM
> To: General Red Hat Linux discussion list
> Subject: apache selinx problem
> 
> I am having a perplexing apache problem, probably caused by incorrect 
> permissions on files and/or directories.
> 
> I three web servers. One does not run on a server that uses SELinux.
The
> other 
> two do. One of them executes scripts just fine. The other does not.
This
> is the 
> error I get:
> 
> [Mon Nov 06 12:54:45 2006] [error] [client 10.1.5.58] (13)Permission
> denied: 
> exec of '/home/httpd/cgi-bin/aa_geocentric.pl' failed
> [Mon Nov 06 12:54:45 2006] [error] [client 10.1.5.58] Premature end of
> script 
> headers: aa_geocentric.pl
> 
> 
> The script is located in /home/httpd/cgi-bin. [The same script is
> located on the 
> other two servers, and works just fine.] This is what I get when
looking
> at 
> permissions.
> 
> # ll -Z /home
> drwxr-xr-x  apache   AA       system_u:object_r:httpd_sys_content_t
> httpd
> 
> # ll -Z /home/httpd
> drwxrwxr-x  apache   AA
system_u:object_r:httpd_sys_script_exec_t
> cgi-bin
> 
> # ll -Z /home/httpd/aa_geocentric.pl
> -rwxrwxr-x  apache   AA
system_u:object_r:httpd_sys_script_exec_t 
> aa_geocentric.pl
> 
> "AA" is my department's user's group.
> 
> I can log into the server and run the script from the command line
just
> fine.
> 
> Html seems to render just fine. The problem is with cgi scripts. I've
> tried UNIX 
> shell scripts, and I get the same problem.
> 
> Any ideas what the problem might be?
> 
> TIA,
> Bill Tangren
> 

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux