Permission problem with CGI script

Lyle webmaster at
Wed Jul 14 13:59:27 PDT 2010

On 14/07/2010 20:34, Andy Selby wrote:
> [root at xyphen ~]# suexec -v
> suexec policy violation: see suexec log for more details

That's a new one to me :/

> I thought an easier way would be to change the user apache runs as to
> my username, but I got his error message..

I think this would effect quite a few things.

> [Wed Jul 14 19:53:39 2010] [notice] SELinux policy enabled; httpd
> running as context unconfined_u:system_r:httpd_t:s0
> [Wed Jul 14 19:53:39 2010] [notice] suEXEC mechanism enabled (wrapper:
> /usr/sbin/suexec)
> Partial success I made the full path into a variable...
>          #print "you said ",(param('text')),p, #This line works, the
> others below don't
>          my $datafile = '/var/www/cgi-bin/data/data.txt';
>          open (MYFILE, "$datafile") or die "couldn't open $datafile $!";

That should be

open (MYFILE, ">>$datafile") or die "couldn't open $datafile $!";

to write to it, hence the error.

> ... and it could open it although didn't write anything to it, also I
> had to create it first
> [Wed Jul 14 19:19:47 2010] [error] [client] Filehandle
> MYFILE opened only for input at /var/www/cgi-bin/MoSoSo.cgi line 22.,
> referer:
> Full success (but cheating), I transferred the file to a debian
> system, chown'd a directory for apache to put data.txt in and it
> worked.
> Sorry, I should have mentioned I had a debian system lying around
> ('lying around' being the keyword here, its on its side, no panels on
> it and the hdd caddy is sitting on top of the frame but still
> connected).
> Oh, well, that's taught me never to use Fedora for a server.

This might suggest that by default fedora apache is more secure? (not 
that I use fedora any more). Anyway, for something redhat derived for a 
server you should use CentOS.

> Thanks for your help Tony And Lyle

Glad you got it working.


More information about the MiltonKeynes-pm mailing list