Permission problem with CGI script
webmaster at cosmicperl.com
Wed Jul 14 13:59:27 PDT 2010
On 14/07/2010 20:34, Andy Selby wrote:
> [root at xyphen ~]# suexec -v
> suexec policy violation: see suexec log for more details
That's a new one to me :/
> I thought an easier way would be to change the user apache runs as to
> my username, but I got his error message..
I think this would effect quite a few things.
> [Wed Jul 14 19:53:39 2010] [notice] SELinux policy enabled; httpd
> running as context unconfined_u:system_r:httpd_t:s0
> [Wed Jul 14 19:53:39 2010] [notice] suEXEC mechanism enabled (wrapper:
> Partial success I made the full path into a variable...
> #print "you said ",(param('text')),p, #This line works, the
> others below don't
> my $datafile = '/var/www/cgi-bin/data/data.txt';
> open (MYFILE, "$datafile") or die "couldn't open $datafile $!";
That should be
open (MYFILE, ">>$datafile") or die "couldn't open $datafile $!";
to write to it, hence the error.
> ... and it could open it although didn't write anything to it, also I
> had to create it first
> [Wed Jul 14 19:19:47 2010] [error] [client 192.168.0.4] Filehandle
> MYFILE opened only for input at /var/www/cgi-bin/MoSoSo.cgi line 22.,
> referer: http://192.168.0.10/cgi-bin/MoSoSo.cgi
> Full success (but cheating), I transferred the file to a debian
> system, chown'd a directory for apache to put data.txt in and it
> Sorry, I should have mentioned I had a debian system lying around
> ('lying around' being the keyword here, its on its side, no panels on
> it and the hdd caddy is sitting on top of the frame but still
> Oh, well, that's taught me never to use Fedora for a server.
This might suggest that by default fedora apache is more secure? (not
that I use fedora any more). Anyway, for something redhat derived for a
server you should use CentOS.
> Thanks for your help Tony And Lyle
Glad you got it working.
More information about the MiltonKeynes-pm