[SOLVED] apache: optimal read/write location for perl scripts

bluegospel · 01-18-2011, 08:26 PM

I'm not quite sure where to have my perl scripts write to/read from in Apache. The data written will be accessed and printed for visitors. Any recommendations? I'm running CentOS 5.5.

kbp · 01-20-2011, 06:15 AM

Anywhere you like.. your web server can be configured to serve any directory. Don't forget - if you have selinux enabled you'll need to check the context of your data -

# is selinux enforcing?

Code:

getenforce

# .. if result from above is 'enforcing':

Code:

chcon -R --reference=/var/www/html /path/to/my/data

bluegospel · 01-20-2011, 03:03 PM

Thanks kbp; I think this is what I need. Does this just mean data can be read/written here according to the permissions set for /var/www/html, that /path assumes the same permissions as /var/www/html?

kbp · 01-20-2011, 04:19 PM

No .. it tells selinux that this data is web content which means that selinux won't prevent apache from accessing it. In RHEL/CentOS selinux is in targeted mode by default which means that specific applications are protected/restricted, apache httpd is one of them.

If you want to poke around try running 'ls -ldZ /var/www/html' and you'll see that it's type is 'httpd_sys_content_t', apache isn't allowed to serve any directories that aren't the right type. You can see all the possible types by running 'semanage fcontext -l'.

cheers

bluegospel · 01-20-2011, 04:48 PM

Thanks alot! You've been a great help.

bluegospel · 01-21-2011, 12:46 PM

So if I wanted to set the security context directly, would I run 1)

Code:

chcon -R httpd_sys_content_t /path/to/data

or 2)

Code:

chcon -R system_u:object_r:httpd_sys_content_t:so /path/to/data

kbp · 01-21-2011, 10:41 PM

The second one... it's usually easier to use '--reference=/blah' though