SSI stopped working after upgrade to FC3
Actually, it was a fresh install of FC3, but I saved my entire /var/www directory and everything underneath it to get my site back up and running quickly...
So, on FC1 I had a bunch of litlle scripts (simple bash commands for downloading and formatting some files to be displayed on the page, ie weather radar and forecast info) that were all located in /bin, and I had apache execute them via SSI exec commands in the page. This was never a problem, they always executed as user:group apache:apache, and never had permission problems. Now, after the move to FC3, they are giving me errors I can't get past with simple file permissions. Upon calling the page, here's what I get in /var/log/httpd/error_log ###################################################################### [Sun May 29 13:20:31 2005] [notice] core dump file size limit raised to 4294967295 bytes [Sun May 29 13:20:32 2005] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Sun May 29 13:20:33 2005] [notice] Digest: generating secret for digest authentication ... [Sun May 29 13:20:33 2005] [notice] Digest: done [Sun May 29 13:20:33 2005] [notice] LDAP: Built with OpenLDAP LDAP SDK [Sun May 29 13:20:33 2005] [notice] LDAP: SSL support unavailable [Sun May 29 13:20:36 2005] [notice] mod_python: Creating 4 session mutexes based on 150 max processes and 0 max threads. [Sun May 29 13:20:37 2005] [notice] Apache/2.0.52 (Fedora) configured -- resuming normal operations (13)Permission denied: exec of 'traffic' failed (13)Permission denied: exec of 'sudo uptime' failed (13)Permission denied: exec of 'gettemp' failed (13)Permission denied: exec of 'getforecast' failed ###################################################################### And here's /var/log/messages #################################################################### May 29 13:22:39 theblumls kernel: audit(1117390959.882:0): avc: denied { read } for pid=3550 exe=/usr/sbin/httpd name=sh dev=dm-0 ino=262153 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:bin_t tclass=lnk_file May 29 13:22:40 theblumls kernel: audit(1117390960.052:0): avc: denied { read } for pid=3551 exe=/usr/sbin/httpd name=sh dev=dm-0 ino=262153 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:bin_t tclass=lnk_file May 29 13:22:40 theblumls kernel: audit(1117390960.435:0): avc: denied { read } for pid=3552 exe=/usr/sbin/httpd name=sh dev=dm-0 ino=262153 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:bin_t tclass=lnk_file May 29 13:22:40 theblumls kernel: audit(1117390960.444:0): avc: denied { read } for pid=3553 exe=/usr/sbin/httpd name=sh dev=dm-0 ino=262153 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:bin_t tclass=lnk_file #################################################################### I'm running whatever apache comes on the latest version of FC3, though I can't tell what version that is now for some reason... As you'll notice from the error_log, suexec is getting loaded, so can the problem be there? I don't remember having to use that in FC1, and I did nothing to configure it here on FC3, AND I can't even figure out HOW to configure it (I think it can only be configured at compile time, but I don't know how/where to complie/recomplile it. Argh!!!! Any suggestions at all are very much appreciated. L:et me know if you need more info... Thanks... |
Just noticed, includes ARE working, just not exec cmd=xxxxx. So SSI appears to be properly enabled.
How about this; Is anybody using FC3 and apache and able to successfully use SSI to do an exec cmd? Just something simple like: Code:
<!--#exec cmd="whoami" --> So, if you're able to do this, will you please share with me your httpd.conf file? :) Oh, and what version of apache are you running? PLEASE help! |
got it. disabled selinux for the httpd daemon and it works again.
Hope that doesn't open some major hole... |
Oh, here's a thread that got me through this and still able to keep selinux enabled...
http://www.linuxquestions.org/questi...hreadid=288726 |
All times are GMT -5. The time now is 08:52 PM. |