CentOS - Jul 2005 - Cetos 4 with Secure Linux - Apache perl problems...

I'm trying to get perl working correctly on a new server and have a
tough time.  The server works fine for all standard web pages and hosts
about 10 domains.  Here's is my test.cgi CGI script I'm trying to run:

#!/usr/bin/perl

print "Content-type: text/html\n\n";
print "Hello!";



When I attempt to access the file via a web browers, I get this:

[Tue Jul 12 16:46:11 2005] [error] [client 209.74.180.78] (13)Permission
denied: exec of '/var/www/cgi-bin/test.cgi' failed
[Tue Jul 12 16:46:11 2005] [error] [client 209.74.180.78] Premature end
of script headers: test.cgi     

However, if I run it locally, I get the "Hello" output.  I gave the
file
777 and 755 rights (neither worked) and even gave apache ownership
(apache:apache owns the file).  Still get the Error 500 web page and the
above errors.  

So I went further and dug more.  In the httpd.conf, I established this:
AddHandler cgi-script .cgi .pl ; set this: ScriptAlias /cgi-bin/
"/var/www/cgi-bin/" ; <Directory "/var/www/cgi-bin">
    AllowOverride None
    Options ExecCGI
    Order allow,deny               
    Allow from all
</Directory>

Still no luck.... 

What am I missing?

Thanks.
Scott

Scott Heisler wrote:
> I'm trying to get perl working correctly on a new server and have a
> tough time.  The server works fine for all standard web pages and hosts
> about 10 domains.  Here's is my test.cgi CGI script I'm trying to
run:
> 
> #!/usr/bin/perl
> 
> print "Content-type: text/html\n\n";
> print "Hello!";
> 
> 
> 
> When I attempt to access the file via a web browers, I get this:
> 
> [Tue Jul 12 16:46:11 2005] [error] [client 209.74.180.78] (13)Permission
> denied: exec of '/var/www/cgi-bin/test.cgi' failed
> [Tue Jul 12 16:46:11 2005] [error] [client 209.74.180.78] Premature end
> of script headers: test.cgi     
> 
> However, if I run it locally, I get the "Hello" output.  I gave
the file
> 777 and 755 rights (neither worked) and even gave apache ownership
> (apache:apache owns the file).  Still get the Error 500 web page and the
> above errors.  
> 
> So I went further and dug more.  In the httpd.conf, I established this:
> AddHandler cgi-script .cgi .pl ; set this: ScriptAlias /cgi-bin/
> "/var/www/cgi-bin/" ; <Directory
"/var/www/cgi-bin">
>     AllowOverride None
>     Options ExecCGI
>     Order allow,deny               
>     Allow from all
> </Directory>
> 
> Still no luck.... 
> 
> What am I missing?
> 
> Thanks.
> Scott
Scott -

Which editor did you create this script in?  If you type the same thing
in (don't copy) to test1.cgi, chmod it appropriately, and then run it as
a cgi from a browser, does it run?

Thanks
-dant

> So I went further and dug more.  In the httpd.conf, I established this:
> AddHandler cgi-script .cgi .pl ; set this: ScriptAlias /cgi-bin/
> "/var/www/cgi-bin/" ; <Directory
"/var/www/cgi-bin">
>     AllowOverride None
>     Options ExecCGI
>     Order allow,deny
>     Allow from all
> </Directory>
> 
> Still no luck....
> 
> What am I missing?
> 

My guess is that selinux is enabled, and you don't have the right
selinux permissions on the file. check to make sure that you have the
right type for a cgi-bin set with ls -Z. If not use chcon as root to
set it. Consider reading the selinux documentation on cgi files. 
http://fedora.redhat.com/docs/selinux-apache-fc3/

--
Jim Perrin
System Administrator - UIT 
Ft Gordon & US Army Signal Center

On Tue, 2005-07-12 at 17:07 -0500, Scott Heisler wrote:
> I'm trying to get perl working correctly on a new server and have a
> tough time.  The server works fine for all standard web pages and hosts
> about 10 domains.  Here's is my test.cgi CGI script I'm trying to
run:
> 
> #!/usr/bin/perl
> 
> print "Content-type: text/html\n\n";
> print "Hello!";
> When I attempt to access the file via a web browers, I get this:
> 
> [Tue Jul 12 16:46:11 2005] [error] [client 209.74.180.78] (13)Permission
> denied: exec of '/var/www/cgi-bin/test.cgi' failed
> [Tue Jul 12 16:46:11 2005] [error] [client 209.74.180.78] Premature end
> of script headers: test.cgi     
> What am I missing?
http://fedora.redhat.com/docs/selinux-apache-fc3/

-- 
Ignacio Vazquez-Abrams <ivazquez at ivazquez.net>
http://centos.ivazquez.net/

gpg --keyserver hkp://subkeys.pgp.net --recv-key 38028b72
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL:
<http://lists.centos.org/pipermail/centos/attachments/20050712/93456a86/attachment-0002.sig>

Exactly where are you trying to run "test.cgi" from?  If you're
running
virtual hosts AND you do not
have the virtual hosts ScriptAlias directory under /var/www AND you're 
running SuExec then you
will get this error. Permitted ScriptAlias path is hard coded in the 
suexec binary.  I had to recompile
it here to make things happy.

So in my case there was no interaction with selinux at all, it was all 
SuExec.

Ed Clarke

Ignacio Vazquez-Abrams wrote:
>On Tue, 2005-07-12 at 17:07 -0500, Scott Heisler wrote:
>  
>
>>I'm trying to get perl working correctly on a new server and have a
>>tough time.  The server works fine for all standard web pages and hosts
>>about 10 domains.  Here's is my test.cgi CGI script I'm trying
to run:
>>
>>#!/usr/bin/perl
>>
>>print "Content-type: text/html\n\n";
>>print "Hello!";
>>    
>>
>
>  
>
>>When I attempt to access the file via a web browers, I get this:
>>
>>[Tue Jul 12 16:46:11 2005] [error] [client 209.74.180.78] (13)Permission
>>denied: exec of '/var/www/cgi-bin/test.cgi' failed
>>[Tue Jul 12 16:46:11 2005] [error] [client 209.74.180.78] Premature end
>>of script headers: test.cgi     
>>    
>>
>
>  
>
>>What am I missing?
>>    
>>
>
>http://fedora.redhat.com/docs/selinux-apache-fc3/
>
>  
>
>------------------------------------------------------------------------
>
>_______________________________________________
>CentOS mailing list
>CentOS at centos.org
>http://lists.centos.org/mailman/listinfo/centos
>  
>