CGI 403 error though the user www-data can run the script from a shell

[Alain T�sio <al...@onesite.org>]

Hi, I have a permission error 403 when on a cgi script,
it used to work and I have no idea why it fails now:

www-data /home/exarch/www $lynx --source http://www.floc.net/www_exarch.py
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>403 Forbidden</TITLE>
</HEAD><BODY>
<H1>Forbidden</H1>
You don't have permission to access /www_exarch.py
on this server.<P>
</BODY></HTML>

In error.log:

[Tue Jan  8 13:41:06 2002] [error] [client 212.198.0.93] file permissions
deny server execution: /home/exarch/www/www_exarch.py

However from a shell with the user running apache I can execute it:

www-data /home/exarch/www $./www_exarch.py
Content-type: text/html

<html>
<body>
No list given
</body></html>


So if this is a configuration error the "file permissions" error
message is wrong ?

In the apache configuration file:
ScriptAlias /www_exarch.py /home/exarch/www/www_exarch.py

www-data is a member of the group exarch, and the script has g+rx rights:

exarch /home/exarch/www $ls -l www_exarch.py
-rwxr-x---    1 exarch   exarch       1174 Dec 16 15:59 www_exarch.py


Any idea ? I know I can probably manage to fix it with user and group
ownership tweaks but I'd like to understand why there is a permission
error while I can execute it from a shell.

Thanks
Alain




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: CGI 403 error though the user www-data can run the script from a shell

[Owen Boyle <ob...@bourse.ch>]

"Alain Tésio" wrote:
> 
> Hi, I have a permission error 403 when on a cgi script,
> it used to work and I have no idea why it fails now:

So what did you change? :-)

>  $lynx --source http://www.floc.net/www_exarch.py

This line implies that you want your document root to be a CGI
directory. Do you?

If so, you should have;

ScriptAlias / /home/exarch/www

rather than:

> ScriptAlias /www_exarch.py /home/exarch/www/www_exarch.py

Which is odd - why do you have ScriptAlias pointing to a file? Normally,
it is used to define a directory which contains several CGI programs.

Try sorting out the config and repost if you still have problems - the
behaviour may be clearer tehn.

Rgds,

Owen Boyle.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: CGI 403 error though the user www-data can run the script from a shell

[Alain Tesio <al...@onesite.org>]

On Mon, 14 Jan 2002 11:09:51 +0100
Alain Tesio <al...@onesite.org> wrote:

> On Wed, 9 Jan 2002 10:39:36 -0500
> "Joshua Slive" <jo...@slive.ca> wrote:
> 
> > 
> > > From: Alain Tésio [mailto:alain@onesite.org]
> > >
> > > [Tue Jan  8 13:41:06 2002] [error] [client 212.198.0.93] file permissions
> > > deny server execution: /home/exarch/www/www_exarch.py
> > >
> > > exarch /home/exarch/www $ls -l www_exarch.py
> > > -rwxr-x---    1 exarch   exarch       1174 Dec 16 15:59 www_exarch.py
> > 
> > Unless the User/Group in httpd.conf is "exarch", this is not sufficient.
> > 
> > You need to "chmod +x www_exarch.py".
> > 
> > Joshua.
> > 
> 
> Hi, it works, but I still think it shouldn't give an error since
> it's chmod g+x and the group ownership is www-data.
> 
> Alain

Sorry, I meant that the user www-data is a member of the group
owning the file.

Alain

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: CGI 403 error though the user www-data can run the script from a shell

[Alain Tesio <al...@onesite.org>]

On Wed, 9 Jan 2002 10:39:36 -0500
"Joshua Slive" <jo...@slive.ca> wrote:

> 
> > From: Alain Tésio [mailto:alain@onesite.org]
> >
> > [Tue Jan  8 13:41:06 2002] [error] [client 212.198.0.93] file permissions
> > deny server execution: /home/exarch/www/www_exarch.py
> >
> > exarch /home/exarch/www $ls -l www_exarch.py
> > -rwxr-x---    1 exarch   exarch       1174 Dec 16 15:59 www_exarch.py
> 
> Unless the User/Group in httpd.conf is "exarch", this is not sufficient.
> 
> You need to "chmod +x www_exarch.py".
> 
> Joshua.
> 

Hi, it works, but I still think it shouldn't give an error since
it's chmod g+x and the group ownership is www-data.

Alain

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: CGI 403 error though the user www-data can run the script from a shell

[Joshua Slive <jo...@slive.ca>]

> From: Alain Tésio [mailto:alain@onesite.org]
>
> [Tue Jan  8 13:41:06 2002] [error] [client 212.198.0.93] file permissions
> deny server execution: /home/exarch/www/www_exarch.py
>
> exarch /home/exarch/www $ls -l www_exarch.py
> -rwxr-x---    1 exarch   exarch       1174 Dec 16 15:59 www_exarch.py

Unless the User/Group in httpd.conf is "exarch", this is not sufficient.

You need to "chmod +x www_exarch.py".

Joshua.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org