Actually, it was a fresh install of FC3, but I saved my entire /var/www directory and everything underneath it to get my site back up and running quickly...

So, on FC1 I had a bunch of litlle scripts (simple bash commands for downloading and formatting some files to be displayed on the page, ie weather radar and forecast info) that were all located in /bin, and I had apache execute them via SSI exec commands in the page. This was never a problem, they always executed as user:group apache:apache, and never had permission problems.

Now, after the move to FC3, they are giving me errors I can't get past with simple file permissions. Upon calling the page, here's what I get in /var/log/httpd/error_log

######################################################################
[Sun May 29 13:20:31 2005] [notice] core dump file size limit raised to 4294967295 bytes
[Sun May 29 13:20:32 2005] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun May 29 13:20:33 2005] [notice] Digest: generating secret for digest authentication ...
[Sun May 29 13:20:33 2005] [notice] Digest: done
[Sun May 29 13:20:33 2005] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Sun May 29 13:20:33 2005] [notice] LDAP: SSL support unavailable
[Sun May 29 13:20:36 2005] [notice] mod_python: Creating 4 session mutexes based on 150 max processes and 0 max threads.
[Sun May 29 13:20:37 2005] [notice] Apache/2.0.52 (Fedora) configured -- resuming normal operations
(13)Permission denied: exec of 'traffic' failed
(13)Permission denied: exec of 'sudo uptime' failed
(13)Permission denied: exec of 'gettemp' failed
(13)Permission denied: exec of 'getforecast' failed
######################################################################

And here's /var/log/messages
####################################################################
May 29 13:22:39 theblumls kernel: audit(1117390959.882:0): avc: denied { read } for pid=3550 exe=/usr/sbin/httpd name=sh dev=dm-0 ino=262153 scontext=user_u:system_r:httpd_t tcontext=system_ubject_r:bin_t tclass=lnk_file
May 29 13:22:40 theblumls kernel: audit(1117390960.052:0): avc: denied { read } for pid=3551 exe=/usr/sbin/httpd name=sh dev=dm-0 ino=262153 scontext=user_u:system_r:httpd_t tcontext=system_ubject_r:bin_t tclass=lnk_file
May 29 13:22:40 theblumls kernel: audit(1117390960.435:0): avc: denied { read } for pid=3552 exe=/usr/sbin/httpd name=sh dev=dm-0 ino=262153 scontext=user_u:system_r:httpd_t tcontext=system_ubject_r:bin_t tclass=lnk_file
May 29 13:22:40 theblumls kernel: audit(1117390960.444:0): avc: denied { read } for pid=3553 exe=/usr/sbin/httpd name=sh dev=dm-0 ino=262153 scontext=user_u:system_r:httpd_t tcontext=system_ubject_r:bin_t tclass=lnk_file
####################################################################

I'm running whatever apache comes on the latest version of FC3, though I can't tell what version that is now for some reason...

As you'll notice from the error_log, suexec is getting loaded, so can the problem be there? I don't remember having to use that in FC1, and I did nothing to configure it here on FC3, AND I can't even figure out HOW to configure it (I think it can only be configured at compile time, but I don't know how/where to complie/recomplile it. Argh!!!!

Any suggestions at all are very much appreciated.

L:et me know if you need more info...

Thanks...

Just noticed, includes ARE working, just not exec cmd=xxxxx. So SSI appears to be properly enabled.

How about this; Is anybody using FC3 and apache and able to successfully use SSI to do an exec cmd? Just something simple like:

Because I can't even get that to go. Same type of error message.

So, if you're able to do this, will you please share with me your httpd.conf file? Oh, and what version of apache are you running?

PLEASE help!

got it. disabled selinux for the httpd daemon and it works again.

Hope that doesn't open some major hole...

Oh, here's a thread that got me through this and still able to keep selinux enabled...

http://www.linuxquestions.org/questi...hreadid=288726