You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Alain T�sio <al...@onesite.org> on 2002/01/09 11:57:18 UTC
CGI 403 error though the user www-data can run the script from a shell
Hi, I have a permission error 403 when on a cgi script,
it used to work and I have no idea why it fails now:
www-data /home/exarch/www $lynx --source http://www.floc.net/www_exarch.py
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>403 Forbidden</TITLE>
</HEAD><BODY>
<H1>Forbidden</H1>
You don't have permission to access /www_exarch.py
on this server.<P>
</BODY></HTML>
In error.log:
[Tue Jan 8 13:41:06 2002] [error] [client 212.198.0.93] file permissions
deny server execution: /home/exarch/www/www_exarch.py
However from a shell with the user running apache I can execute it:
www-data /home/exarch/www $./www_exarch.py
Content-type: text/html
<html>
<body>
No list given
</body></html>
So if this is a configuration error the "file permissions" error
message is wrong ?
In the apache configuration file:
ScriptAlias /www_exarch.py /home/exarch/www/www_exarch.py
www-data is a member of the group exarch, and the script has g+rx rights:
exarch /home/exarch/www $ls -l www_exarch.py
-rwxr-x--- 1 exarch exarch 1174 Dec 16 15:59 www_exarch.py
Any idea ? I know I can probably manage to fix it with user and group
ownership tweaks but I'd like to understand why there is a permission
error while I can execute it from a shell.
Thanks
Alain
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: CGI 403 error though the user www-data can run the script from a
shell
Posted by Owen Boyle <ob...@bourse.ch>.
"Alain Tésio" wrote:
>
> Hi, I have a permission error 403 when on a cgi script,
> it used to work and I have no idea why it fails now:
So what did you change? :-)
> $lynx --source http://www.floc.net/www_exarch.py
This line implies that you want your document root to be a CGI
directory. Do you?
If so, you should have;
ScriptAlias / /home/exarch/www
rather than:
> ScriptAlias /www_exarch.py /home/exarch/www/www_exarch.py
Which is odd - why do you have ScriptAlias pointing to a file? Normally,
it is used to define a directory which contains several CGI programs.
Try sorting out the config and repost if you still have problems - the
behaviour may be clearer tehn.
Rgds,
Owen Boyle.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: CGI 403 error though the user www-data can run the script from a shell
Posted by Alain Tesio <al...@onesite.org>.
On Mon, 14 Jan 2002 11:09:51 +0100
Alain Tesio <al...@onesite.org> wrote:
> On Wed, 9 Jan 2002 10:39:36 -0500
> "Joshua Slive" <jo...@slive.ca> wrote:
>
> >
> > > From: Alain Tésio [mailto:alain@onesite.org]
> > >
> > > [Tue Jan 8 13:41:06 2002] [error] [client 212.198.0.93] file permissions
> > > deny server execution: /home/exarch/www/www_exarch.py
> > >
> > > exarch /home/exarch/www $ls -l www_exarch.py
> > > -rwxr-x--- 1 exarch exarch 1174 Dec 16 15:59 www_exarch.py
> >
> > Unless the User/Group in httpd.conf is "exarch", this is not sufficient.
> >
> > You need to "chmod +x www_exarch.py".
> >
> > Joshua.
> >
>
> Hi, it works, but I still think it shouldn't give an error since
> it's chmod g+x and the group ownership is www-data.
>
> Alain
Sorry, I meant that the user www-data is a member of the group
owning the file.
Alain
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: CGI 403 error though the user www-data can run the script from a shell
Posted by Alain Tesio <al...@onesite.org>.
On Wed, 9 Jan 2002 10:39:36 -0500
"Joshua Slive" <jo...@slive.ca> wrote:
>
> > From: Alain Tésio [mailto:alain@onesite.org]
> >
> > [Tue Jan 8 13:41:06 2002] [error] [client 212.198.0.93] file permissions
> > deny server execution: /home/exarch/www/www_exarch.py
> >
> > exarch /home/exarch/www $ls -l www_exarch.py
> > -rwxr-x--- 1 exarch exarch 1174 Dec 16 15:59 www_exarch.py
>
> Unless the User/Group in httpd.conf is "exarch", this is not sufficient.
>
> You need to "chmod +x www_exarch.py".
>
> Joshua.
>
Hi, it works, but I still think it shouldn't give an error since
it's chmod g+x and the group ownership is www-data.
Alain
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: CGI 403 error though the user www-data can run the script from a shell
Posted by Joshua Slive <jo...@slive.ca>.
> From: Alain Tésio [mailto:alain@onesite.org]
>
> [Tue Jan 8 13:41:06 2002] [error] [client 212.198.0.93] file permissions
> deny server execution: /home/exarch/www/www_exarch.py
>
> exarch /home/exarch/www $ls -l www_exarch.py
> -rwxr-x--- 1 exarch exarch 1174 Dec 16 15:59 www_exarch.py
Unless the User/Group in httpd.conf is "exarch", this is not sufficient.
You need to "chmod +x www_exarch.py".
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org