Return-Path: X-Original-To: apmail-httpd-users-archive@www.apache.org Delivered-To: apmail-httpd-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 56C16178D4 for ; Fri, 16 Oct 2015 14:37:50 +0000 (UTC) Received: (qmail 2310 invoked by uid 500); 16 Oct 2015 14:37:46 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 2271 invoked by uid 500); 16 Oct 2015 14:37:46 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 2261 invoked by uid 99); 16 Oct 2015 14:37:46 -0000 Received: from Unknown (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 16 Oct 2015 14:37:46 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 55CCB1A2BAB for ; Fri, 16 Oct 2015 14:37:46 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.009 X-Spam-Level: X-Spam-Status: No, score=-0.009 tagged_above=-999 required=6.31 tests=[T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=disabled Received: from mx1-us-east.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id AJBfvBeFw-o1 for ; Fri, 16 Oct 2015 14:37:34 +0000 (UTC) Received: from spam1.schoolcraft.edu (spam1.schoolcraft.edu [216.55.112.4]) by mx1-us-east.apache.org (ASF Mail Server at mx1-us-east.apache.org) with ESMTP id B724742B32 for ; Fri, 16 Oct 2015 14:37:33 +0000 (UTC) X-ASG-Debug-ID: 1445006245-04d95b122ca83e0001-XEkec8 Received: from MAILBOX.lv.schoolcraft.cc.mi.us ([216.55.112.50]) by spam1.schoolcraft.edu with ESMTP id GPAm4wSWjxPScBdn for ; Fri, 16 Oct 2015 10:37:25 -0400 (EDT) X-Barracuda-Envelope-From: djohnson@schoolcraft.edu X-Barracuda-RBL-Trusted-Forwarder: 216.55.112.50 Received: from MAILBOX.lv.schoolcraft.cc.mi.us ([::1]) by MAILBOX.lv.schoolcraft.cc.mi.us ([::1]) with mapi id 14.03.0210.002; Fri, 16 Oct 2015 10:37:25 -0400 From: David Johnson To: "users@httpd.apache.org" Thread-Topic: [users@httpd] Error executing script through Apache X-ASG-Orig-Subj: RE: [users@httpd] Error executing script through Apache Thread-Index: AdEIHfQrvG+fiMfCRket0MBBSeKxBQAIjkMAAAgQQvA= Date: Fri, 16 Oct 2015 14:37:24 +0000 Message-ID: References: <20151016142630.GB2174@palma.openstrike.co.uk> In-Reply-To: <20151016142630.GB2174@palma.openstrike.co.uk> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.232.4.36] Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Barracuda-Connect: UNKNOWN[216.55.112.50] X-Barracuda-Start-Time: 1445006245 X-Barracuda-URL: https://10.155.10.4:443/cgi-mod/mark.cgi X-Virus-Scanned: by bsmtpd at schoolcraft.edu X-Barracuda-BRTS-Status: 1 X-Barracuda-Spam-Score: 0.20 X-Barracuda-Spam-Status: No, SCORE=0.20 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=5.0 tests=PR0N_SUBJECT X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.23546 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------------------------- 0.20 PR0N_SUBJECT Subject has letters around special characters (pr0n) Subject: RE: [users@httpd] Error executing script through Apache Hello All Pete - You were right! When I try to execute I get this in the audit log. type=3DAVC msg=3Daudit(1445006093.179:15955): avc: denied { write } for = pid=3D22733 comm=3D"udt" name=3D"apphome" dev=3Ddm-0 ino=3D23199745 scontex= t=3Dunconfined_u:system_r:httpd_sys_script_t:s0 tcontext=3Dunconfined_u:obj= ect_r:default_t:s0 tclass=3Ddir type=3DSYSCALL msg=3Daudit(1445006093.179:15955): arch=3D40000003 syscall= =3D5 per=3D400000 success=3Dno exit=3D-13 a0=3Dffeb8bcc a1=3D242 a2=3D1b6 a= 3=3D7 items=3D0 ppid=3D22731 pid=3D22733 auid=3D0 uid=3D800 gid=3D100 euid= =3D800 suid=3D800 fsuid=3D800 egid=3D100 sgid=3D100 fsgid=3D100 tty=3D(none= ) ses=3D1242 comm=3D"udt" exe=3D"/usr/ud73/bin/udt" subj=3Dunconfined_u:sys= tem_r:httpd_sys_script_t:s0 key=3D(null) type=3DAVC msg=3Daudit(1445006093.179:15956): avc: denied { append } for = pid=3D22733 comm=3D"udt" name=3D"udt.errlog" dev=3Ddm-0 ino=3D64490264 sco= ntext=3Dunconfined_u:system_r:httpd_sys_script_t:s0 tcontext=3Dunconfined_u= :object_r:usr_t:s0 tclass=3Dfile type=3DSYSCALL msg=3Daudit(1445006093.179:15956): arch=3D40000003 syscall= =3D5 per=3D400000 success=3Dno exit=3D-13 a0=3Dffeb66ac a1=3D441 a2=3D1b6 a= 3=3D83d46a9 items=3D0 ppid=3D22731 pid=3D22733 auid=3D0 uid=3D800 gid=3D100= euid=3D800 suid=3D800 fsuid=3D800 egid=3D100 sgid=3D100 fsgid=3D100 tty=3D= (none) ses=3D1242 comm=3D"udt" exe=3D"/usr/ud73/bin/udt" subj=3Dunconfined_= u:system_r:httpd_sys_script_t:s0 key=3D(null) type=3DAVC msg=3Daudit(1445006093.179:15957): avc: denied { associate } f= or pid=3D22733 comm=3D"udt" key=3D1157629479 scontext=3Dunconfined_u:syst= em_r:httpd_sys_script_t:s0 tcontext=3Dunconfined_u:unconfined_r:unconfined_= t:s0-s0:c0.c1023 tclass=3Dshm type=3DSYSCALL msg=3Daudit(1445006093.179:15957): arch=3D40000003 syscall= =3D117 per=3D400000 success=3Dno exit=3D-13 a0=3D17 a1=3D45000627 a2=3D0 a3= =3D0 items=3D0 ppid=3D22731 pid=3D22733 auid=3D0 uid=3D800 gid=3D100 euid= =3D800 suid=3D800 fsuid=3D800 egid=3D100 sgid=3D100 fsgid=3D100 tty=3D(none= ) ses=3D1242 comm=3D"udt" exe=3D"/usr/ud73/bin/udt" subj=3Dunconfined_u:sys= tem_r:httpd_sys_script_t:s0 key=3D(null) Please forgive my ignorance, but what can I do now to resolve this? Thank you, David C. Johnson David C.Johnson=A0 Schoolcraft College Administrative Systems Senior Systems Administrator A-180 1(734)462-4716 djohnson@schoolcraft.edu -----Original Message----- From: Pete Houston [mailto:ph1@openstrike.co.uk]=20 Sent: Friday, October 16, 2015 10:27 AM To: users@httpd.apache.org Subject: Re: [users@httpd] Error executing script through Apache On Fri, Oct 16, 2015 at 02:21:45PM +0000, David Johnson wrote: > What would be different about being logged in as www at the command line = and calling a script vs. running Apache as www and calling it through the i= ntranet? The SELinux context will be different. Check the audit log to see if it's b= eing denied. Pete -- Openstrike - improving business through open source http://www.openstrike.c= o.uk/ or call 01722 770036 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org