You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Amir Aavani <Am...@gmail.com> on 2006/05/15 07:20:55 UTC

[users@httpd] cgi permission

I recently installed FC5 on my laptop, Before that I had FC4 with latest 
version of httpd. On FC4, i developed a cgi application (using fpc) 
which read/write from/to some files. The files where on my desktop, i.e 
/home/Amir/Desktop/1 . Also, I set the User and Group parameters in 
httpd.conf to "Amir". The file worked correctly on FC4. But now my file 
can't read/write from that file (any file, I changed the place of the file).
I checked if my configuration was correct, I asked my cgi application to 
print the effective user ID by whom it is run.
Any suggestion

My httpd version is httpd-2.2.0-5.1.2
yours
Amir


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] cgi permission

Posted by Bill Jones <te...@gmail.com>.

On 5/16/06, Amir Aavani <Am...@gmail.com> wrote:
> Thanks Bill,
> When I disabled the selinux (or even set it to permissive mode),  the
> problem solved.

:-) Great but disabling SELinux is not a problem resolution path.  Se
below for a better solution.

> > try as root;
> > setenforce 0
> >
> > to see if selinux is interfering.  if it now works, selinux is stoppng
> > your cgi -- then you will ned to modify the policy enforcement under
> > httpd->allow cgi write access (all this is located under the GUI
> > security panel.)

Note 'as root' means execute 'su -' to become root, note the '-'.

As root execute 'system-config-securitylevel'
next set each particular security as needed, pay special attention to
Allow CGI Write Access, etc.

References (note that some cover FC3, et al, but the procedures are
still relevant:
http://fedora.redhat.com/docs/selinux-apache-fc3/sn-debugging-and-customizing.html
http://fedora.redhat.com/docs/selinux-apache-fc3/sn-further-approaches.html
http://www.google.com/search?hl=en&q=selinux+allow+cgi+write+access+policy&btnG=Google+Search
-- 
WC (Bill) Jones -- http://youve-reached-the.endoftheinternet.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] cgi permission

Posted by Amir Aavani <Am...@gmail.com>.

Thanks Bill,
When I disabled the selinux (or even set it to permissive mode),  the 
problem solved.

Bill Jones wrote:
> On 5/15/06, Amir Aavani <Am...@gmail.com> wrote:
>>
>> I recently installed FC5 on my laptop, Before that I had FC4 with latest
>> version of httpd. On FC4, i developed a cgi application (using fpc)
>> which read/write from/to some files. The files where on my desktop, i.e
>> /home/Amir/Desktop/1 . Also, I set the User and Group parameters in
>> httpd.conf to "Amir". The file worked correctly on FC4. But now my file
>> can't read/write from that file (any file, I changed the place of the 
>> file).
>> I checked if my configuration was correct, I asked my cgi application to
>> print the effective user ID by whom it is run.
>
> try as root;
> setenforce 0
>
> to see if selinux is interfering.  if it now works, selinux is stoppng
> your cgi -- then you will ned to modify the policy enforcement under
> httpd->allow cgi write access (all this is located under the GUI
> security panel.)



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] cgi permission

Posted by Bill Jones <te...@gmail.com>.

On 5/15/06, Amir Aavani <Am...@gmail.com> wrote:
>
> I recently installed FC5 on my laptop, Before that I had FC4 with latest
> version of httpd. On FC4, i developed a cgi application (using fpc)
> which read/write from/to some files. The files where on my desktop, i.e
> /home/Amir/Desktop/1 . Also, I set the User and Group parameters in
> httpd.conf to "Amir". The file worked correctly on FC4. But now my file
> can't read/write from that file (any file, I changed the place of the file).
> I checked if my configuration was correct, I asked my cgi application to
> print the effective user ID by whom it is run.

try as root;
setenforce 0

to see if selinux is interfering.  if it now works, selinux is stoppng
your cgi -- then you will ned to modify the policy enforcement under
httpd->allow cgi write access (all this is located under the GUI
security panel.)
-- 
WC (Bill) Jones -- http://youve-reached-the.endoftheinternet.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] cgi permission

Posted by Richard de Vries <ri...@yahoo.com>.

Check your selinux settings. From within your desktop
"System - Administration - Security Level and
Firewall"

--- Amir Aavani <Am...@gmail.com> wrote:

> 
> I recently installed FC5 on my laptop, Before that I
> had FC4 with latest 
> version of httpd. On FC4, i developed a cgi
> application (using fpc) 
> which read/write from/to some files. The files where
> on my desktop, i.e 
> /home/Amir/Desktop/1 . Also, I set the User and
> Group parameters in 
> httpd.conf to "Amir". The file worked correctly on
> FC4. But now my file 
> can't read/write from that file (any file, I changed
> the place of the file).
> I checked if my configuration was correct, I asked
> my cgi application to 
> print the effective user ID by whom it is run.
> Any suggestion
> 
> My httpd version is httpd-2.2.0-5.1.2
> yours
> Amir
> 
> 
>
---------------------------------------------------------------------
> The official User-To-User support forum of the
> Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for
> more info.
> To unsubscribe, e-mail:
> users-unsubscribe@httpd.apache.org
>    "   from the digest:
> users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail:
> users-help@httpd.apache.org
> 
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org