httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bennett Haselton <benn...@peacefire.org>
Subject Re: [users@httpd] how to enable CGI scripts to read /var/log/httpd/access_log ?
Date Mon, 11 Feb 2008 22:19:43 GMT
At 02:14 PM 2/11/2008 -0500, Joshua Slive wrote:
>On Feb 11, 2008 1:38 PM, Bennett Haselton <bennett@peacefire.org> wrote:
> > I am trying to run a CGI script that can open /var/log/httpd/access_log 
> for
> > reading and parse some data from it.  (This is on a dedicated machine.)
> >
> > The file /var/log/httpd/access_log is owned by root, but that's not the
> > problem.  I have other files owned by root that are in the 
> /var/www/html
> > directory and CGI scripts can read those with no problem (because they 
> are
> > world-*readable*, just like /var/log/httpd/access_log is).  The problem 
> is
> > that apparently CGI scripts cannot open any files for reading that are
> > located outside of /var/www .
>
>There is no setting in the default apache install that could impose
>that restriction. Are you running SELinux perhaps?

Well I'm running the CentOS 4.4 distro, but according to 
http://en.wikipedia.org/wiki/Selinux , SELinux is not actually a distro, so 
not mutually exclusive with CentOS.  So could this machine be running 
SELinux?  How do I tell?  The hosting company set it up for me.

>Have you tried
>"setenforce 0" to see if the issue goes away?

Well, damn.  I do believe that fixed it.  Thanks!

>In general, the most secure way to deal with tasks that are beyond the
>permissions of your apache child processes is to use "sudo". But I bet
>your problem is an OS configuration issue. If the file is
>world-readable, your cgi scripts should be able to read it.

My CGI scripts can read world-readable files when those files are under 
/var/www, just not when the world-readable files are located anywhere else.

         -Bennett


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message