403 - Forbidden

Phil Daintree
27 January 2009, 00:35
Hugo,

I have compiled 6.11 under puppylinux with

#export webrootdir=/root/httpd/hiawatha
#./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-xslt --build=i486-t2-linux-gnu
#make
#make install

running
#/usr/sbin/hiawatha -k
It finds the configuration file under /etc/hiawatha/httpd.conf and reports that the configuration file is OK.
All good so far...

and running the server with
#/usr/sbin/hiawatha -c /etc/hiawatha

all appears well

However, entering into my browser on the same machine

http://127.0.0.1/index.html

I get a "403 - Forbidden"

In /var/log/hiawatha/error.log I have

Tue 27 Jan 2009 11:20:25 +0800|127.0.0.1|/root/httpd/hiawatha/index.html|access denied via filesystem

My httpd.conf file is vanilla - straight from the installation - I modified to run as nobody.

# Hiawatha main configuration file
#


# GENERAL SETTINGS
#
ServerId = nobody
ConnectionsTotal = 150
ConnectionsPerIP = 10
SystemLogfile = /var/log/hiawatha/system.log
GarbageLogfile = /var/log/hiawatha/garbage.log


# BINDING SETTINGS
# A binding is where a client can connect to.
#
Binding {
Port = 80
# Interface = 127.0.0.1
# MaxKeepAlive = 30
# TimeForRequest = 3,20
}
#
#Binding {
# Port = 443
# Interface = ::1
# MaxKeepAlive = 30
# TimeForRequest = 3,20
# ServerKey = hiawatha.pem
# UseSSL = yes
#}


# BANNING SETTINGS
# Deny service to clients who misbehave.
#
#BanOnGarbage = 300
#BanOnMaxPerIP = 60
#BanOnMaxReqSize = 300
#KickOnBan = yes
#RebanDuringBan = yes


# COMMON GATEWAY INTERFACE (CGI) SETTINGS
# These settings can be used to run CGI applications. Use the 'php-fcgi'
# tool to start PHP as a FastCGI daemon.
#
#CGIhandler = /usr/bin/php-cgi:php
#CGIhandler = /usr/bin/perl:pl
#CGIhandler = /usr/bin/python:py
#CGIextension = cgi
#
#FastCGIserver {
# FastCGIid = PHP4
# ConnectTo = 127.0.0.1:2004
# Extension = php, php4
#}
#
#FastCGIserver {
# FastCGIid = PHP5
# ConnectTo = 10.0.0.100:2005, 10.0.0.101:2005
# Extension = php, php5
# SessionTimeout = 30
#}


# URL TOOLKIT
# These URL toolkit rules are made for the Skeleton PHP framework,
# which can be downloaded from: http://skeleton.leisink.org/
#
#UrlToolkit {
# ToolkitID = skeleton
# Match ^/$ Return
# RequestURI isfile Exit
# Match (.*)\?(.*) Rewrite $1&$2
# Match /(.*) Rewrite /index.php?page=$1
#}


# DEFAULT WEBSITE
# It is wise to use your IP address as the hostname of the default website
# and give it a blank webpage. By doing so, automated webscanners won't find
# your possible vulnerable website.
#
Hostname = 127.0.0.1
WebsiteRoot = /root/httpd/hiawatha
StartFile = index.html
AccessLogfile = /var/log/hiawatha/access.log
ErrorLogfile = /var/log/hiawatha/error.log
#ErrorHandler = 404:/error.cgi


# VIRTUAL HOSTS
# Use a VirtualHost section to declare the websites you want to host.
#
#VirtualHost {
# Hostname = www.my-domain.com
# WebsiteRoot = /var/www/my-domain/public
# StartFile = index.php
# AccessLogfile = /var/www/my-domain/log/access.log
# ErrorLogfile = /var/www/my-domain/log/error.log
# ExecuteCGI = yes
# FastCGI = PHP4
# TimeForCGI = 5
#}


# DIRECTORY SETTINGS
# You can specify some settings per directory.
#
#Directory {
# Path = /home/baduser
# ExecuteCGI = no
# UploadSpeed = 10,2
#}


Appreciate any pointers!

Thanks in advance

Phil

Hugo Leisink
27 January 2009, 00:47
A pointer was already given by the errorlog: Hiawatha was denied access to the requested file because of insufficient rights (filesystem). Make sure Hiawatha is able to access the directories the requested file is located in (execute bit) and Hiawatha is able to read the requested file (read bit). In this case, chmod is your friend.
Phil Daintree
27 January 2009, 03:23
Well that's what I thought. Unfortunately,

/root/httpd/hiawatha is currently owned by the user nobody and a member of the nobody group, and the permissions on the directory and all files below are drwxr-xr-x

Any more pointers please!
Hugo Leisink
27 January 2009, 08:20
How about /root and /root/httpd? Are they accessible for the user 'nobody'?
Phil Daintree
27 January 2009, 09:09
They were readable and executable ... I have changed it so the user 'nobody' is owner and they are in the 'nobody' group. Stopped and started hiawatha, closed the browser and tried again - still 403 - Forbidden

just now ran :
#cd /
#chmod -R 777 root

no prisoners here ... still no go!

#ls -l /root/httpd

drwxrwxrwx 4 nobody nobody 1024 2009-01-27 10:49 httpd

#ls -l /root/httpd/hiawatha

drwxrwxrwx 4 nobody nobody 1024 2009-01-27 10:53 hiawatha

ls -l /root/httpd/hiawatha/*
drwxrwxrwx 8 nobody nobody 1024 2008-07-13 11:27 blog
-rwxrwxrwx 1 nobody nobody 37557 2008-07-12 19:02 hiawatha.htm
-rwxrwxrwx 1 nobody nobody 1926 2009-01-27 10:49 index.html

Obviously hiawatha is writing to the logs OK, so permissions are OK there; hiawatha is running OK.

#ps -ef |grep hiawatha

nobody 17901 1 0 19:55 ? 00:00:00 /usr/sbin/hiawatha -c /etc/hiawatha
root 22982 9598 0 20:06 pts/0 00:00:00 grep hiawatha

This makes no sense to me.


Phil Daintree
27 January 2009, 09:36
I am a little surprised that directories above /root/httpd/hiawatha would need to be readable by the web-server user - is this really a requirement?
Hugo Leisink
27 January 2009, 10:19
Somehow, the OS is not allowing Hiawatha to read the file. Are you using a security patch on your kernel like grSecurity, AppArmor or SELinux? The message "access denied via filesystem" indicates that the OS is not allowing access. It's not a Hiawatha configuration issue. If you switch to user nobody, can you read the requested file via 'cat'?


I am a little surprised that directories above /root/httpd/hiawatha would need to be readable by the web-server user - is this really a requirement?

Not readable, but accessible. In other words: the x flag, not the r flag
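Hugo's point in this post (every directory from / down to the file needs the execute/search bit for the server user, and the file itself needs the read bit) can be checked mechanically. The script below is an added example by the editor, not code from the thread or from Hiawatha: it walks a path with the classic Unix permission rules for a given uid and set of gids, and rebuilds a throwaway copy of Phil's /root/httpd/hiawatha layout in a scratch directory to show the denial moving as bits change. It models mode bits only, so a denial it cannot explain is exactly the case Hugo raises in the same post: SELinux, AppArmor, grsecurity or a mount option can still refuse the access. The uid 65534 used for "nobody", the scratch tree and the `start` parameter are assumptions of this example.

```python
import os
import stat
import tempfile


def _permits(st, uid, gids, owner_bit, group_bit, other_bit):
    """Classic Unix (DAC) check on one inode for a process running with
    this uid and set of gids: owner bits if the uid owns the inode, else
    group bits if any of the process's gids match, else the 'other' bits.
    uid 0 is let through, as the kernel does for read and search."""
    if uid == 0:
        return True
    if uid == st.st_uid:
        return bool(st.st_mode & owner_bit)
    if st.st_gid in gids:
        return bool(st.st_mode & group_bit)
    return bool(st.st_mode & other_bit)


def check_path_access(path, uid, gids, start="/"):
    """Walk from `start` down to `path` the way open(2) would for a process
    running as uid/gids and return (ok, component, reason).  Every directory
    on the way, `start` included, needs the search bit (x); the final file
    needs the read bit (r): exactly the two bits Hugo names.  Directories
    above `start` are not examined; leave it at "/" in real use so nothing
    above the web root is skipped (the demo below narrows it only because a
    sandbox's temp directory is not representative)."""
    path = os.path.abspath(path)
    start = os.path.abspath(start)
    rel = os.path.relpath(path, start)
    if rel == os.pardir or rel.startswith(os.pardir + os.sep):
        raise ValueError("%s is not below %s" % (path, start))
    parts = [] if rel == os.curdir else rel.split(os.sep)
    chain = [start]
    for p in parts:
        chain.append(os.path.join(chain[-1], p))
    target = chain.pop()          # the file itself; the rest are directories
    for d in chain:
        try:
            st = os.stat(d)
        except OSError as e:
            return (False, d, "stat failed: %s" % e.strerror)
        if not stat.S_ISDIR(st.st_mode):
            return (False, d, "not a directory")
        if not _permits(st, uid, gids, stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH):
            return (False, d, "no search (x) permission for uid %d" % uid)
    try:
        st = os.stat(target)
    except OSError as e:
        return (False, target, "stat failed: %s" % e.strerror)
    if not _permits(st, uid, gids, stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH):
        return (False, target, "no read (r) permission for uid %d" % uid)
    return (True, target, "ok")


def demo():
    """Rebuild Phil's layout in a scratch directory (constructed here, not
    his real machine): root/ is 0700 as /root usually is, everything below
    it is world-accessible.  Check as a fake 'nobody' that owns nothing in
    the tree, then open root/ to 0711 (search but not read) and check again,
    then make the file itself unreadable for that user."""
    base = tempfile.mkdtemp()
    os.chmod(base, 0o755)                       # mkdtemp creates it 0700
    root = os.path.join(base, "root")
    site = os.path.join(root, "httpd", "hiawatha")
    os.makedirs(site)
    index = os.path.join(site, "index.html")
    with open(index, "w") as fh:
        fh.write("<html><body>hello</body></html>\n")
    os.chmod(root, 0o700)
    os.chmod(os.path.join(root, "httpd"), 0o755)
    os.chmod(site, 0o755)
    os.chmod(index, 0o644)
    # An id that is certainly neither the owner nor the group of anything above.
    nobody = next(i for i in (65534, 65533, 65532)
                  if i not in (os.getuid(), os.getgid()))
    results = {}
    results["closed_root"] = check_path_access(index, nobody, {nobody}, start=base)
    os.chmod(root, 0o711)                       # x for others is enough, r is not needed
    results["open_root"] = check_path_access(index, nobody, {nobody}, start=base)
    os.chmod(index, 0o640)                      # now the file's own bits block it
    results["unreadable_file"] = check_path_access(index, nobody, {nobody}, start=base)
    return results


if __name__ == "__main__":
    for name, (ok, where, why) in demo().items():
        print("%-16s %-6s %s (%s)" % (name, "ok" if ok else "DENIED", where, why))
```

Run against a real web root as `check_path_access("/root/httpd/hiawatha/index.html", 65534, {65534})`; the first component it reports is the one to chmod. If it returns ok and the error log still says "access denied via filesystem", the denial is coming from something other than mode bits.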
Phil Daintree
27 January 2009, 10:55
If you switch to user nobody, can you read the requested file via 'cat'?


No I can't!! What gives??

This is under puppy 4.2 alpha 1. All was well in puppy 4.1.2. I am thinking it is something to do with this alpha version of puppy. I have advised the guys there of the issue. However, they are using the same kernel as was in 4.1.2 and pretty sure none of AppArmor SELinux or grSecurity are used.

Many thanks again Hugo - I will see if the puppy lads can figure it out!
Marco
29 April 2010, 11:55
Hi Hugo, on my Fedora 12 PHP and Perl CGI do not work.... only index.htm works.....
ERROR:
tail -f /var/log/hiawatha/error.log
Thu 29 Apr 2010 10:49:44 +0200|127.0.0.2|/var/www/speedtest/download.php|access denied via filesystem
Thu 29 Apr 2010 10:53:07 +0200|127.0.0.2|/var/www/speedtest/download.php|access denied via filesystem
.
.

brief hiawatha.conf:
# Hiawatha main configuration file
#


# GENERAL SETTINGS
#
ServerId = www-data
ConnectionsTotal = 150
ConnectionsPerIP = 10
SystemLogfile = /var/log/hiawatha/system.log
GarbageLogfile = /var/log/hiawatha/garbage.log


# BINDING SETTINGS
# A binding is where a client can connect to.
#
Binding {
Port = 80
Interface = 127.0.0.1
# MaxKeepAlive = 30
# TimeForRequest = 3,20
}
#
Binding {
Port = 80
Interface = 127.0.0.2
# MaxKeepAlive = 30
# TimeForRequest = 3,20
MaxRequestSize = 1024
}
# COMMON GATEWAY INTERFACE (CGI) SETTINGS
# These settings can be used to run CGI applications. Use the 'php-fcgi'
# tool to start PHP as a FastCGI daemon.
#
CGIhandler = /usr/bin/perl:pl
CGIhandler = /usr/bin/php-cgi:php
CGIextension = cgi
#
# DEFAULT WEBSITE
# It is wise to use your IP address as the hostname of the default website
# and give it a blank webpage. By doing so, automated webscanners won't find
# your possible vulnerable website.
#
Hostname = 127.0.0.1
WebsiteRoot = /var/www/hiawatha
StartFile = index.html
AccessLogfile = /var/log/hiawatha/access.log
ErrorLogfile = /var/log/hiawatha/error.log
#ErrorHandler = 404:/error.cgi

# VIRTUAL HOSTS
# Use a VirtualHost section to declare the websites you want to host.
#

VirtualHost {
Hostname = 127.0.0.2
WebsiteRoot = /var/www/speedtest
StartFile = index.htm
#AccessLogfile = /var/log/hiawatha/hotspotad/access.log
#ErrorLogfile = /var/log/hiawatha/hotspotad/error.log
ExecuteCGI = yes
#RequireSSL = yes
WrapCGI = speed
TimeForCGI = 20
}


cgi-wrapper.conf:
# CGI wrapper configuration
#
# Use the 'newroot' tool to copy applications to a chroot directory.

# CGIhandler = /path/to/cgi-handler
#
CGIhandler = /usr/bin/perl
CGIhandler = /usr/bin/php-cgi
#CGIhandler = /usr/bin/python
#CGIhandler = /usr/bin/ruby
#CGIhandler = /usr/bin/ssi-cgi

# Wrap = <wrap-id>;<cgiroot>;<userid>[:<group>]
#
#Wrap = nobody ; /var/www|nobody ; 65534:65534
#Wrap = somebody ; /var/www/site ; 1001:33,200,201
#Wrap = hugo ; ~hugo ; hugo
Wrap = speed ; /var/www/speedtest ; 501:501


brief /etc/passwd:
speed:x:5061:5061::/var/www/speedtest:/sbin/nologin
www-data:x:5068:5066::/var/www:/sbin/nologin

brief /etc/group:
speed:x:5061:
www-data:x:5066:

ls -l /var/www/speedtest:
drwxr-xr-x. 2 root root 4096 29 apr 10:54 .
drwxr-xr-x. 9 root root 4096 29 apr 10:05 ..
-rw-r--r--. 1 speed speed 94 15 gen 2006 bar.gif
-rwxr-x---. 1 speed speed 910 7 feb 2006 CHANGELOG
-rwxr-x---. 1 speed speed 1620 7 feb 2006 common.php
-rwxr-x---. 1 speed speed 9497 7 feb 2006 download.php
-rw-r--r--. 1 speed speed 1180 29 apr 10:54 index.htm
-rwxr-x---. 1 speed speed 4268 7 feb 2006 INSTALL
-rw-r--r--. 1 speed speed 62967 6 feb 2006 payload.js
-rwxr-x---. 1 speed speed 5295 7 feb 2006 results.php
-rwxr-x---. 1 speed speed 4467 28 apr 21:02 speedtest.cfg
-rw-r--r--. 1 speed speed 248 7 feb 2006 style.css
-rw-r--r--. 1 speed speed 57 5 feb 2006 unallowed.html
-rwxr-x---. 1 speed speed 4750 7 feb 2006 upload.cgi

ls -l /usr/local/sbin:
-rwsr-xr-x. 1 root root 54256 28 feb 11:18 cgi-wrapper
-rwxr-xr-x. 1 root root 757376 28 feb 11:18 hiawatha
-rwxr-xr-x. 1 root root 2488 28 feb 11:18 newroot
-rwxr-xr-x. 1 root root 60381 28 feb 11:18 php-fcgi
-rwxr-xr-x. 1 root root 73146 28 feb 11:18 wigwam

mount tab on my system:
/dev/sda7 on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw,rootcontext="system_u:object_r:tmpfs_t:s0")
/dev/sda1 on /boot type ext4 (rw)
/dev/sda2 on /home type ext4 (rw,noexec,nosuid,nodev)
/dev/sda5 on /usr type ext4 (rw)
/dev/sda8 on /var type ext4 (rw)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,size=100M,rootcontext="system_u:object_r:tmp_t:s0")
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)

selinux disabled for tests..... sestatus:
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted

Marco
29 April 2010, 12:30
SOLVED:
missing line:
ExecuteCGI = yes

after
CGIextension = cgi



Hugo Leisink
29 April 2010, 12:30
No problem.
Marco
29 April 2010, 12:43
NOT SOLVED: cgi-wrapper does not work....

CGI doesn't work with speed's permissions, only with rwxr-xr-x
Hugo Leisink
29 April 2010, 15:24
In cgi-wrapper.conf, you change to uid/gid 501. Why? Speed has id 5061.
Marco
30 April 2010, 20:32
Oops, sorry Hugo, that was an old file; the new file is correct (see below)

cat /etc/hiawatha/cgi-wrapper.conf
# CGI wrapper configuration
#
# Use the 'newroot' tool to copy applications to a chroot directory.

# CGIhandler = /path/to/cgi-handler
#
CGIhandler = /usr/bin/perl
CGIhandler = /usr/bin/php-cgi
#CGIhandler = /usr/bin/python
#CGIhandler = /usr/bin/ruby
#CGIhandler = /usr/bin/ssi-cgi

# Wrap = <wrap-id>;<cgiroot>;<userid>[:<group>]
#
#Wrap = nobody ; /var/www|nobody ; 65534:65534
#Wrap = somebody ; /var/www/site ; 1001:33,200,201
#Wrap = hugo ; ~hugo ; hugo
Wrap = speed ; /var/www/speedtest ; 5061:5061

but the problem is the same
Hugo Leisink
2 May 2010, 09:26
I just checked the cgi-wrapper functionality. It looks like it all works as it should.

Can you please try again with SELinux disabled?
Marco
2 May 2010, 19:59
Hi Hugo, I have already tried it, but trying costs nothing

[root@home ~]# setenforce 0
[root@home ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted
[root@home ~]# killall hiawatha && sleep 2 && /usr/local/sbin/hiawatha
[speed@home ~]$ ps aux | grep www-data
www-data 3933 0.0 0.1 11492 1468 ? Ssl 19:49 0:00 /usr/local/sbin/hiawatha
www-data 3940 0.0 0.3 6040 3092 ? Ss 19:49 0:00 /usr/bin/perl -w /var/www/speedtest/upload.cgi

nothing to do Hugo

Hugo Leisink
2 May 2010, 22:53
Just to make sure the cgi-wrapper is working correctly, try using the following CGI script
#!/bin/bash
echo -en "Content-Type: text/plain\r\n\r\n"
/usr/bin/id

You might need to change the '/usr/bin/id' to the right path. It should show the user id of the user 'speed'.
Marco
5 May 2010, 18:34
I'm sorry for the delay.

This is the output:

uid=5068(www-data) gid=5066(www-data) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

with selinux disabled
Hugo Leisink
5 May 2010, 23:34
The fact that the script shows uid=www-data proves that the CGI-wrapper is not being used.

Try adding CGIwrapper = /usr/sbin/cgi-wrapper (or where ever your cgi-wrapper is installed)
Marco
7 May 2010, 17:44
Hi Hugo thanks, it work

uid=5061(speed) gid=5061(speed) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
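Two things went wrong in Marco's setup, by his own account and Hugo's: the first cgi-wrapper.conf named uid/gid 501 where 'speed' is 5061, and the CGI ran as www-data because hiawatha.conf had no CGIwrapper line, so files that are rwxr-x--- speed:speed were not executable for it. The script below is an added example by the editor, not code from the thread or from Hiawatha. It checks a Wrap line against passwd/group text (constructed here from the lines Marco posted), applies the classic permission check to an ls -l entry, and parses the output of the diagnostic CGI Hugo suggested to confirm the wrapper really switched user. The Wrap field layout is taken from the comments in the posted cgi-wrapper.conf; nothing else about cgi-wrapper's internals is modelled, and the semantics assumed for a Wrap line without a group part (primary group not checked) are an assumption of this example.

```python
import re

# Constructed from the /etc/passwd and /etc/group lines Marco posted.
PASSWD = ("speed:x:5061:5061::/var/www/speedtest:/sbin/nologin\n"
          "www-data:x:5068:5066::/var/www:/sbin/nologin\n")
GROUP = ("speed:x:5061:\n"
         "www-data:x:5066:\n")


def parse_db(text, field):
    """passwd or group text -> {name: int(field)}; field 2 is the uid/gid,
    field 3 of passwd is the user's primary gid."""
    out = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            cols = line.split(":")
            out[cols[0]] = int(cols[field])
    return out


def parse_wrap(line):
    """'Wrap = <wrap-id> ; <cgiroot> ; <userid>[:<group>[,<group>...]]',
    the layout the comments in cgi-wrapper.conf describe."""
    m = re.match(r"\s*Wrap\s*=\s*(.*?)\s*$", line)
    if m is None:
        raise ValueError("not a Wrap line: %r" % line)
    fields = [f.strip() for f in m.group(1).split(";")]
    if len(fields) != 3:
        raise ValueError("Wrap needs three ';'-separated fields: %r" % line)
    wrap_id, cgiroot, ids = fields
    user, _, groups = ids.partition(":")
    return wrap_id, cgiroot, user, [g.strip() for g in groups.split(",") if g.strip()]


def _resolve(token, db):
    """A numeric token is taken literally; a name is looked up (None if absent)."""
    return int(token) if token.isdigit() else db.get(token)


def check_wrap(line, owner, passwd_text=PASSWD, group_text=GROUP):
    """List what is wrong with a Wrap line given the account that owns the
    CGI files; an empty list means the wrapper would switch to an identity
    that can use those files as their owner."""
    uids = parse_db(passwd_text, 2)
    primary = parse_db(passwd_text, 3)
    gids = parse_db(group_text, 2)
    wrap_id, _cgiroot, user, groups = parse_wrap(line)
    problems = []
    uid = _resolve(user, uids)
    if uid is None:
        problems.append("Wrap %s: unknown user %r" % (wrap_id, user))
    elif uid != uids.get(owner):
        problems.append("Wrap %s: uid %s is not %s (uid %s)"
                        % (wrap_id, uid, owner, uids.get(owner)))
    resolved = []
    for g in groups:
        gid = _resolve(g, gids)
        if gid is None or gid not in gids.values():
            problems.append("Wrap %s: group %r does not exist" % (wrap_id, g))
        else:
            resolved.append(gid)
    # Assumption: with no group part the wrapper keeps the user's primary group.
    if groups and owner in primary and primary[owner] not in resolved:
        problems.append("Wrap %s: primary group %s of %s not granted"
                        % (wrap_id, primary[owner], owner))
    return problems


def ls_allows_exec(mode, f_owner, f_group, run_user, run_groups):
    """Classic permission check for executing a file shown by 'ls -l' as e.g.
    '-rwxr-x---.' owned by f_owner:f_group, from a process running as
    run_user with groups run_groups.  Matches Marco's finding: the speedtest
    scripts run only as 'speed' unless they are opened up to rwxr-xr-x."""
    bits = mode[1:10]                  # drop the type char and a trailing '.'/'+'
    if run_user == f_owner:
        return bits[2] in "xs"
    if f_group in run_groups:
        return bits[5] in "xs"
    return bits[8] in "xt"


def wrapper_active(id_output, expected_uid):
    """Parse what Hugo's diagnostic CGI prints ('uid=5068(www-data) gid=...')
    and say whether the script really ran as the wrapped user."""
    m = re.match(r"\s*uid=(\d+)", id_output)
    return m is not None and int(m.group(1)) == expected_uid


if __name__ == "__main__":
    for wrap in ("Wrap = speed ; /var/www/speedtest ; 501:501",
                 "Wrap = speed ; /var/www/speedtest ; 5061:5061"):
        print(wrap, "->", check_wrap(wrap, "speed") or "consistent")
    print("www-data can run download.php:",
          ls_allows_exec("-rwxr-x---.", "speed", "speed", "www-data", {"www-data"}))
    print("wrapper active:",
          wrapper_active("uid=5068(www-data) gid=5066(www-data)", 5061))
```

The `id` line is the decisive check: as long as it reports the ServerId account rather than the Wrap account, the wrapper is not in the path, whatever cgi-wrapper.conf says.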
This topic has been closed.