LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 08-01-2006, 02:08 PM   #1
isuck@linux
Member
 
Registered: Jun 2006
Distribution: messed up debian
Posts: 250

Rep: Reputation: 30
CGI execution problems


I have little hello world cgi script that I can't get to work.
If I place the script file within a real directory within my virtual host root directory the script works just fine.
Now I read that for security reason I should place my scripts within a directory external to my virtual's host directory, so I pointed all the ScriptAlias and <directory> permissions to this new external directory and gave the user execution permissions, but now it does not work. Is it there anythning else I'm missing?

This is the configuration that does not work:

ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/"

<Directory "/usr/local/awstats/wwwroot/cgi-bin/">
Options +ExecCGI
AddHandler cgi-script pl cgi
AllowOverride None
Order allow,deny
Allow from all
</Directory>

If I replace this config for the following one, everything works just fine:

ScriptAlias /awstats/ "/var/www/apache2-default/www.mydomain.com/cgi-bin/"

<Directory "/var/www/apache2-default/www.mydomain.com/cgi-bin/">
Options +ExecCGI
AddHandler cgi-script pl cgi
AllowOverride None
Order allow,deny
Allow from all
</Directory>

Permissions to the directories and scrits are set to the same. Am I missing something in httpd.conf or somewhere else that prevent my nobody apache user to execute scripts located in directories external to apache's www directory?? thanks is advance guys.
 
Old 08-01-2006, 06:13 PM   #2
isuck@linux
Member
 
Registered: Jun 2006
Distribution: messed up debian
Posts: 250

Original Poster
Rep: Reputation: 30
I need help with this, moving it on top!!!
 
Old 08-01-2006, 08:22 PM   #3
haertig
Senior Member
 
Registered: Nov 2004
Distribution: Debian, Ubuntu, LinuxMint, Slackware, SysrescueCD, Raspbian, Arch
Posts: 2,280

Rep: Reputation: 354Reputation: 354Reputation: 354Reputation: 354
Does userid "nobody" have read and execute permissions on all directories down the path to your new script directory? (Not just the final directory "cgi-bin", but each directory further up the PATH from that as well.)

What does Apache's error log tell you when you try to execute things from your new script directory? Possible location of this logfile (may be different on your system): /var/log/apache2/error.log
 
Old 08-02-2006, 12:11 PM   #4
isuck@linux
Member
 
Registered: Jun 2006
Distribution: messed up debian
Posts: 250

Original Poster
Rep: Reputation: 30
Tells me that I have no permission to execute. But no, I just gave X permission to the current cgi-directory, I did not gave X permission to the whole path. Then if I want to execute isuck.pl located in /usr/awstats/cgi, I need X permissions for the apache user in /cgi and also in /awstats? Isn't enough to give X permisssions in /usr/awstats/cgi? Thanks for your help.
 
Old 08-02-2006, 12:32 PM   #5
haertig
Senior Member
 
Registered: Nov 2004
Distribution: Debian, Ubuntu, LinuxMint, Slackware, SysrescueCD, Raspbian, Arch
Posts: 2,280

Rep: Reputation: 354Reputation: 354Reputation: 354Reputation: 354
Quote:
Originally Posted by isuck@linux
I just gave X permission to the current cgi-directory, I did not gave X permission to the whole path.
This would be a problem. You need to be able to read (optional) and execute ALL directories in the chain down to your executable cgi file. Technically, only execute is required on the path directories. Read on directories usually runs lock-step with execute, but it doesn't have to. There may be some minor security gain in some situations to allow execute but not read on directories. This is standard Unix/Linux permission stuff - nothing special here in regards to Apache.
 
Old 08-02-2006, 12:41 PM   #6
haertig
Senior Member
 
Registered: Nov 2004
Distribution: Debian, Ubuntu, LinuxMint, Slackware, SysrescueCD, Raspbian, Arch
Posts: 2,280

Rep: Reputation: 354Reputation: 354Reputation: 354Reputation: 354
I just noticed that this is a duplicate thread (O.P. - you shouldn't do this, it confuses things).

Discussion should probably continue over on the other thread: http://www.linuxquestions.org/questi...d.php?t=469680
 
Old 08-02-2006, 06:19 PM   #7
isuck@linux
Member
 
Registered: Jun 2006
Distribution: messed up debian
Posts: 250

Original Poster
Rep: Reputation: 30
Yes, it is duplicated, happened that I got no answer to my post from yesterday and I found another one discussing the same issue posted today. Sorry about that.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
SU/program execution permission problems darin3200 Linux - Software 8 08-20-2005 11:03 PM
crond shell execution problems lm317t Linux - General 1 02-22-2005 10:46 AM
#! does not seem to work in cgi-bin?? (script execution) servnov Linux - General 6 12-06-2004 08:23 AM
Apache .cgi execution problems KeithKessler Linux - Software 7 12-01-2004 12:19 PM
Apache 1.4.7 cgi problems Sm0k3 Programming 1 10-19-2003 03:12 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 06:56 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration