httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bennett Haselton <benn...@peacefire.org>
Subject Re: [users@httpd] how to enable CGI scripts to read /var/log/httpd/access_log ?
Date Mon, 11 Feb 2008 22:55:40 GMT
At 02:14 PM 2/11/2008 -0500, Joshua Slive wrote:
>On Feb 11, 2008 1:38 PM, Bennett Haselton <bennett@peacefire.org> wrote:
> > I am trying to run a CGI script that can open /var/log/httpd/access_log 
> for
> > reading and parse some data from it.  (This is on a dedicated machine.)
> >
> > The file /var/log/httpd/access_log is owned by root, but that's not the
> > problem.  I have other files owned by root that are in the 
> /var/www/html
> > directory and CGI scripts can read those with no problem (because they 
> are
> > world-*readable*, just like /var/log/httpd/access_log is).  The problem 
> is
> > that apparently CGI scripts cannot open any files for reading that are
> > located outside of /var/www .
>
>There is no setting in the default apache install that could impose
>that restriction. Are you running SELinux perhaps? Have you tried
>"setenforce 0" to see if the issue goes away?

It does, but unfortunately after the server is rebooted, the effect of 
doing "setenforce 0" is lost (i.e. setuid scripts no longer run as setuid), 
and I have to do it again if I want setuid to work again.

Is there any way I can make the effect of "setenforce 0" permanent?  I 
could put it into a startup script or something, but that seems like a 
hacky solution compared to actually changing the system setting.

         -Bennett

bennett@peacefire.org     http://www.peacefire.org
(425) 497 9002


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message