You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Amir Aavani <Am...@gmail.com> on 2006/05/15 07:20:55 UTC
[users@httpd] cgi permission
I recently installed FC5 on my laptop, Before that I had FC4 with latest
version of httpd. On FC4, i developed a cgi application (using fpc)
which read/write from/to some files. The files where on my desktop, i.e
/home/Amir/Desktop/1 . Also, I set the User and Group parameters in
httpd.conf to "Amir". The file worked correctly on FC4. But now my file
can't read/write from that file (any file, I changed the place of the file).
I checked if my configuration was correct, I asked my cgi application to
print the effective user ID by whom it is run.
Any suggestion
My httpd version is httpd-2.2.0-5.1.2
yours
Amir
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] cgi permission
Posted by Bill Jones <te...@gmail.com>.
On 5/16/06, Amir Aavani <Am...@gmail.com> wrote:
> Thanks Bill,
> When I disabled the selinux (or even set it to permissive mode), the
> problem solved.
:-) Great but disabling SELinux is not a problem resolution path. Se
below for a better solution.
> > try as root;
> > setenforce 0
> >
> > to see if selinux is interfering. if it now works, selinux is stoppng
> > your cgi -- then you will ned to modify the policy enforcement under
> > httpd->allow cgi write access (all this is located under the GUI
> > security panel.)
Note 'as root' means execute 'su -' to become root, note the '-'.
As root execute 'system-config-securitylevel'
next set each particular security as needed, pay special attention to
Allow CGI Write Access, etc.
References (note that some cover FC3, et al, but the procedures are
still relevant:
http://fedora.redhat.com/docs/selinux-apache-fc3/sn-debugging-and-customizing.html
http://fedora.redhat.com/docs/selinux-apache-fc3/sn-further-approaches.html
http://www.google.com/search?hl=en&q=selinux+allow+cgi+write+access+policy&btnG=Google+Search
--
WC (Bill) Jones -- http://youve-reached-the.endoftheinternet.org/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] cgi permission
Posted by Amir Aavani <Am...@gmail.com>.
Thanks Bill,
When I disabled the selinux (or even set it to permissive mode), the
problem solved.
Bill Jones wrote:
> On 5/15/06, Amir Aavani <Am...@gmail.com> wrote:
>>
>> I recently installed FC5 on my laptop, Before that I had FC4 with latest
>> version of httpd. On FC4, i developed a cgi application (using fpc)
>> which read/write from/to some files. The files where on my desktop, i.e
>> /home/Amir/Desktop/1 . Also, I set the User and Group parameters in
>> httpd.conf to "Amir". The file worked correctly on FC4. But now my file
>> can't read/write from that file (any file, I changed the place of the
>> file).
>> I checked if my configuration was correct, I asked my cgi application to
>> print the effective user ID by whom it is run.
>
> try as root;
> setenforce 0
>
> to see if selinux is interfering. if it now works, selinux is stoppng
> your cgi -- then you will ned to modify the policy enforcement under
> httpd->allow cgi write access (all this is located under the GUI
> security panel.)
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] cgi permission
Posted by Bill Jones <te...@gmail.com>.
On 5/15/06, Amir Aavani <Am...@gmail.com> wrote:
>
> I recently installed FC5 on my laptop, Before that I had FC4 with latest
> version of httpd. On FC4, i developed a cgi application (using fpc)
> which read/write from/to some files. The files where on my desktop, i.e
> /home/Amir/Desktop/1 . Also, I set the User and Group parameters in
> httpd.conf to "Amir". The file worked correctly on FC4. But now my file
> can't read/write from that file (any file, I changed the place of the file).
> I checked if my configuration was correct, I asked my cgi application to
> print the effective user ID by whom it is run.
try as root;
setenforce 0
to see if selinux is interfering. if it now works, selinux is stoppng
your cgi -- then you will ned to modify the policy enforcement under
httpd->allow cgi write access (all this is located under the GUI
security panel.)
--
WC (Bill) Jones -- http://youve-reached-the.endoftheinternet.org/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] cgi permission
Posted by Richard de Vries <ri...@yahoo.com>.
Check your selinux settings. From within your desktop
"System - Administration - Security Level and
Firewall"
--- Amir Aavani <Am...@gmail.com> wrote:
>
> I recently installed FC5 on my laptop, Before that I
> had FC4 with latest
> version of httpd. On FC4, i developed a cgi
> application (using fpc)
> which read/write from/to some files. The files where
> on my desktop, i.e
> /home/Amir/Desktop/1 . Also, I set the User and
> Group parameters in
> httpd.conf to "Amir". The file worked correctly on
> FC4. But now my file
> can't read/write from that file (any file, I changed
> the place of the file).
> I checked if my configuration was correct, I asked
> my cgi application to
> print the effective user ID by whom it is run.
> Any suggestion
>
> My httpd version is httpd-2.2.0-5.1.2
> yours
> Amir
>
>
>
---------------------------------------------------------------------
> The official User-To-User support forum of the
> Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for
> more info.
> To unsubscribe, e-mail:
> users-unsubscribe@httpd.apache.org
> " from the digest:
> users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail:
> users-help@httpd.apache.org
>
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org