Permission problem with CGI script

[Lyle]

On 14/07/2010 20:34, Andy Selby wrote:
> [root at xyphen ~]# suexec -v
> suexec policy violation: see suexec log for more details
>    

That's a new one to me :/

> I thought an easier way would be to change the user apache runs as to
> my username, but I got his error message..
>    

I think this would effect quite a few things.

> [Wed Jul 14 19:53:39 2010] [notice] SELinux policy enabled; httpd
> running as context unconfined_u:system_r:httpd_t:s0
> [Wed Jul 14 19:53:39 2010] [notice] suEXEC mechanism enabled (wrapper:
> /usr/sbin/suexec)
>
> Partial success I made the full path into a variable...
>
>          #print "you said ",(param('text')),p, #This line works, the
> others below don't
>          my $datafile = '/var/www/cgi-bin/data/data.txt';
>          open (MYFILE, "$datafile") or die "couldn't open $datafile $!";
>    

That should be

open (MYFILE, ">>$datafile") or die "couldn't open $datafile $!";

to write to it, hence the error.

> ... and it could open it although didn't write anything to it, also I
> had to create it first
>
> [Wed Jul 14 19:19:47 2010] [error] [client 192.168.0.4] Filehandle
> MYFILE opened only for input at /var/www/cgi-bin/MoSoSo.cgi line 22.,
> referer: http://192.168.0.10/cgi-bin/MoSoSo.cgi
>
> Full success (but cheating), I transferred the file to a debian
> system, chown'd a directory for apache to put data.txt in and it
> worked.
> Sorry, I should have mentioned I had a debian system lying around
> ('lying around' being the keyword here, its on its side, no panels on
> it and the hdd caddy is sitting on top of the frame but still
> connected).
>
> Oh, well, that's taught me never to use Fedora for a server.
>    

This might suggest that by default fedora apache is more secure? (not 
that I use fedora any more). Anyway, for something redhat derived for a 
server you should use CentOS.

> Thanks for your help Tony And Lyle
>    

Glad you got it working.


Lyle