httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "gdwfkd@gmail.com" <gdw...@gmail.com>
Subject Re: [users@httpd] Re: Alternate cgi-bin directories not working on apache 2.0.52 on rhel
Date Wed, 10 Jan 2007 23:00:57 GMT
You're my hero.  SELinux was the culprit.  Once it was turned off,
everything worked.  I can work on making everything work with SELinux now.

Thanks, and thanks to all who responded.



On 1/10/07, Hugh Williams <hughw@soco.agilent.com> wrote:
>
> gdwfkd@gmail.com wrote:
> > This is weird.  New server.  cgi's don't execute outside the normal
> cgi-bin
> > directory.  The problem was showing up as problems with a nagios
> install.
> > The nagios front page works, but the status pages, which are all cgi's,
> > don't work.
> >
> > I increased logging to debug in apache and I get:
> >
> > [Tue Jan 09 14:53:21 2007] [error] [client 10.3.41.164] (13)Permission
> > denied: exec of '/usr/lib/nagios/cgi/tac.cgi' f
> > ailed, referer: http://some.server.com/nagios/side.html
> > [Tue Jan 09 14:53:21 2007] [error] [client 10.3.41.164] Premature end of
> > script headers: tac.cgi, referer:
> http://some.server.com/nagios/side.html
> >
> > I tried some nagios config things, but then I took a simple hello world
> CGI,
> > verified that it worked in the standard cgi-bin directory, and copied it
> > into the script alias directory for nagios and it doesn't work.
> >
> > Tried script alias directories in a few different partitions just to be
> > sure.  None of them worked.
> >
> > Compiled a different version of apache, non-rpm, and installed in
> another
> > directory, and that works,.but don't want to go that route.
> >
> > Any ideas?
>
> It may be that you have SELinux turned on on your system.  This security
> 'blanket' restricts the location of web-related activities.  See whether
> it's enabled (/usr/sbin/sestatus -v) , and if your problem vanishes when
> it's off, then you either get to work with it's configuration to permit
> the alternate location(s) or keep it off.
>
> You can read lots of good starting information at
>
> http://fedora.redhat.com/docs/selinux-faq-fc3/
> http://fedora.redhat.com/docs/selinux-faq-fc5/
>
> depending on which core your server is on.
>
> hugh
>
> >
> > Some details below:
> >
> > apache on rhel:
> > httpd-2.0.52-25.ent
> > Linux some.server.com 2.6.9-42.ELsmp #1 SMP Wed Jul 12 23:27:17 EDT 2006
> > i686 i686 i386 GNU/Linux
> >
> > Nagios install wasn't working.  conf.d/nagios.conf is:
> >
> > ##########
> >
> > ScriptAlias /nagios/cgi-bin/ "/usr/lib/nagios/cgi/"
> > <Directory "/usr/lib/nagios/cgi/">
> >    Options ExecCGI
> >    AllowOverride None
> >    Order allow,deny
> >    Allow from all
> >    AuthName "Nagios Access"
> >    AuthType Basic
> >    AuthUserFile /etc/nagios/htpasswd.users
> >    Require valid-user
> > </Directory>
> >
> > ##########
> >
> > Relevant cgi entry from the httpd.conf:
> >
> > ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
> >
> > #
> > # "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
> > # CGI directory exists, if you have that configured.
> > #
> > <Directory "/var/www/cgi-bin">
> >     AllowOverride None
> >     Options None
> >     Order allow,deny
> >     Allow from all
> > </Directory>
> >
> > ##########
>
>
> --
> Hugh Williams                  "There are two things to aim for in life;
> hugh_williams@agilent.com       first, to get what you want; and after
> that,
> Agilent Technologies            to enjoy it.  Only the wisest of mankind
> Santa Rosa 2US-C                achieve the second."
> 707.577.4941                         - Logan Pearsall Smith, 1931
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message