|P is for Practical|
Re^3: System and CGI - File Created but not the Contentby scorpio17 (Monsignor)
|on Sep 18, 2007 at 14:11 UTC||Need Help??|
I've written some CGI scripts under Fedora Core 4 (similar to Red hat) running SELinux, and there are some things you have to watch out for.
The easiest way to verify if this is the problem: log in as root, then use this command:
This will turn off the enforcement of SELinux security checks - but not the checking. Errors will continue to be logged. On my system the default location was /var/log/messages (this may vary from one flavor of linux to another).
If the error with the CGI script goes away, you know it's SELinux. The log file should help give you a clue as to where the problem is. Turn enforcing back on with:
If you want a CGI script to be able to write a file, the directory it's writing to much have read and execute permission:
chmod 755 output_dir
It must also have the proper SELinux security context:
chcon -t httpd_sys_content_t output_dir
Also, you have to remember that the CGI script runs with the user id of the web server. For apache, this is usually 'nobody' or 'www'. Make sure this user has permission to run the external executable (ameme?). Then make sure the executable has the the proper security context:
chmod 755 ameme
You can use "ls -lZ" to check the current security context settings.
Note also that the log file will contain errors that say what the expected context is, in the case SELinux blocks something from running. It will also give the path to the offending directory or executable.