[users@httpd] serious problem with httpd.conf file

[Chuck Crisler <ch...@comcast.net>]

I have had a running problem with permissions with Apache. With some
recent testing I think that I have narrowed the problem.

I have run the command 'service httpd configtest' and the result was
'Syntax OK'.

Any attempt to execute a script in the cgi-bin directory fails with an
error that I don't have permission. I have definitely setup my cgi-bin
directory permissions properly (the directory is drwxr-xr-w, the files
are rwxr-xr-x). The directory is owned by root/root as are the script
files. On fedora, apache runs as apache/apache.

In my httpd.conf file I have defined the ScriptAlias as /cgi-bin/
"/var/www/cgi-bin/". The Directory section lists the Options as Indexes
FollowSymLinks ExecCGI Includes, Order is allow, deny and Allow from
all. This is all correct and *SHOULD* work (to the best of my
knowledge).

I tried executing a non-existent script. It failed with a 'script not
found' error. OK, that is good. I then re-named another test script to
that name and repeated the process. It failed with the permissions
violation.

I then changed the location of the cgi-bin directory to my home
directory, both the ScriptAlias directive and the Directory section.

I stopped and re-started Apache. When I tried to execute the
non-existent script, I got a permission error rather than a file not
found error. I had *NOT* copied the non-existent test script so I knew
that it wasn't there.

Here is the error message when I tried to execute the non-existent
script in the cgi-bin directory under my home directory:

[Thu Aug 27 21:17:12 2009] [error] [client 127.0.0.1] (13)Permission
denied: access to /cgi-bin/test.pl denied

Result: I believe that *SOMEHOW/SOMEWHERE* the /cgi-bin/ directive is
set with a default Options directive that is not allowing me to execute
scripts, but I can't find how or where this is happening.

Any suggestions or alternatives would be *GREATLY* appreciated.

TIA,
Chuck Crisler


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] serious problem with httpd.conf file

[Nick Kew <ni...@webthing.com>]

Chuck Crisler wrote:
> I have had a running problem with permissions with Apache. With some
> recent testing I think that I have narrowed the problem.
> 
> I have run the command 'service httpd configtest' and the result was
> 'Syntax OK'.

That's a command from your packager, not from apache.  You might
want to check your packager's documentation.

> [Thu Aug 27 21:17:12 2009] [error] [client 127.0.0.1] (13)Permission
> denied: access to /cgi-bin/test.pl denied

That looks like filesystem permissions: check again.  Not just
unix file permissions, but things like mount flags or selinux
if applicable.

-- 
Nick Kew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] serious problem with httpd.conf file

[Dan Poirier <po...@pobox.com>]

Apache is running as apache/apache, the directory is owned by root/root,
and the directory doesn't have execute permissions for 'other'.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org