httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bell, Alvin" <Alvin.B...@navcanada.ca>
Subject [users@httpd] RE: Xserver authorization running scripts via Apache
Date Tue, 25 Feb 2014 16:37:13 GMT
This question did not garner any replies but fortunately I have solved it myself.

For the sake of anyone else who runs into similar issues, the problem was caused by SELINUX
which was configured for targeted enforcement of security policy. I have for now disabled
it and got round the problem. I may have to re-enable it and see how to configure it not to
restrict the things that have caused issue which as well as opening xterms, include issuing
remote commands and printing of newline characters from the second level script via apache.

From: Bell, Alvin
Sent: February-14-14 11:35 AM
To: 'users@httpd.apache.org'
Subject: Xserver authorization running scripts via Apache

I am trying to run a simple script which brings up a gnome terminal on the user's display.
I have created a perl cgi script which calls a shell script using a system call. If I run
the perl cgi script from the command line, it brings up the gnome terminal correctly. If I
try running the perl cgi script via the Apache web server, I get the following error in /var/log/httpd/error_log:

<Date> [error] [client 10.61.8.152] Failed to parse arguments: Cannot open display:
10.61.8.152:0.0 ...

The obvious answer would be that I am not setting the DISPLAY environment variable or that
xhost is not set to allow the display. I have tried setting the DISPLAY variable but am specifying
the display parameter as argument for gnome-terminal in any case. I have used xhost + to ensure
it is not restricting it but I still get the error.

The perl cgi script call is made with:
my @args=("/tmp/monitor.sh &");
my $status=system("@args");

The monitor.sh shell script call for xterm is made with:
gnome-terminal -display=10.61.8.152:0.0 -geometry=125x24 -hide-menubar -title="My title"

I am initially testing this out locally on the apache server system so the display address
is that of the Apache server. The server has a running Xserver and as mentioned, the script
works if called from the command line.

I have setup Apache to run as a local user rather than Apache user. The scripts are both owned
by this same user and have permissions set accordingly. I added a command in the shell script
to create a text file. When run via the Apache server, the file is created with the ownership
of the user I specified confirming that the shell is being run as the expected user.

I have also tried making the call using ssh with -X option from either the cgi-script or the
shell script but, despite setting up ssh to allow passwordless login for the user in question
and again, seeing it run OK from command line, I have problems running via Apache server,
getting the error:
<Date> [error] [client 10.61.8.152] ssh: connect to host <hostname> port 22: Permission
denied ...

If I try calling the gnome terminal directly from the perl cgi script, I get the same errors
stated. I would prefer to start it from the shell script though since I want to run other
commands from the script too and it would be easier.

Apache info:
Server version: Apache/2.2.15 (Unix)
Server built: Dec 5 2012 04:03:01

Unix info:
Redhat 6.4 x86_64

Any help would be greatly appreciated,
Thanks,
Alvin

Mime
View raw message