Gossamer Forum

SELinux prevented reading and writing access to dbman files.

Hello all,

System info: Apache/2.2.9 (Fedora)
Installing dbman for testing a web tool idea.
I have placed dbman files into /var/www/cgi-bin folder. Once I start the default (Test) database I'm able to enter the user name and password (admin). After authentication CGI crashes giving the following error: (Note: Folder permissions have already been set to "777")
CGI ERROR
==========================================
Error Message : unable to open auth file: ./auth/. Reason: Permission denied

Script Location : /var/www/cgi-bin/dbman/db.cgi
Perl Version : 5.008008
Setup File : default.cfg
Session ID : admin.122121273337274

Form Variables
-------------------------------------------
db : default
login : Logon
pw : admin
uid :
userid : admin

Environment Variables
-------------------------------------------
CONTENT_LENGTH : 49
CONTENT_TYPE : application/x-www-form-urlencoded
DOCUMENT_ROOT : /var/www/html
GATEWAY_INTERFACE : CGI/1.1
HTTP_ACCEPT : text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
HTTP_ACCEPT_CHARSET : ISO-8859-1,utf-8;q=0.7,*;q=0.7
HTTP_ACCEPT_ENCODING: gzip,deflate
HTTP_ACCEPT_LANGUAGE: en-us,en;q=0.5
HTTP_CONNECTION : keep-alive
HTTP_HOST : localhost
HTTP_KEEP_ALIVE : 300
HTTP_REFERER : http://localhost/cgi-bin/dbman/db.cgi
HTTP_USER_AGENT : Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.16) Gecko/20080715 Fedora/2.0.0.16-1.fc8 Firefox/2.0.0.16
PATH : /sbin:/usr/sbin:/bin:/usr/bin
QUERY_STRING :
REMOTE_ADDR : 127.0.0.1
REMOTE_PORT : 54611
REQUEST_METHOD : POST
REQUEST_URI : /cgi-bin/dbman/db.cgi
SCRIPT_FILENAME : /var/www/cgi-bin/dbman/db.cgi
SCRIPT_NAME : /cgi-bin/dbman/db.cgi
SERVER_ADDR : 127.0.0.1
SERVER_ADMIN : root@localhost
SERVER_NAME : localhost
SERVER_PORT : 80
SERVER_PROTOCOL : HTTP/1.1
SERVER_SIGNATURE : Apache/2.2.9 (Fedora) Server at localhost Port 80
SERVER_SOFTWARE : Apache/2.2.9 (Fedora)

At the same time SELinux gives me the following error.

***** Summary *****
SELinux prevented httpd reading and writing access to http files.

Detailed Description
SELinux prevented httpd reading and writing access to http files. Ordinarily httpd is allowed full access to all files labeled with http file context. This machine has a tightened security policy with the httpd_unified turned off, this requires explicit labeling of all files. If a file is a cgi script it needs to be labeled with httpd_TYPE_script_exec_t in order to be executed. If it is read-only content, it needs to be labeled httpd_TYPE_content_t, it is writable content. it needs to be labeled httpd_TYPE_script_rw_t or httpd_TYPE_script_ra_t. You can use the chcon command to change these contexts. Please refer to the man page "man httpd_selinux" or FAQ "TYPE" refers to one of "sys", "user" or "staff" or potentially other script types.

***** Allowing Access *****
Changing the "httpd_unified" boolean to true will allow this access: "setsebool -P httpd_unified=1"
The following command will allow this access:
setsebool -P httpd_unified=1

The suggested fix from SELinux, the "setsebool -P httpd_unified=1" command, does nothing to allow dbman to run.

I have disabled SELinux to check for functionality. Everything works fine with SELinux disabled.

But my problem is I need to run SELinux as part of our server. Has anyone else run into this and fixed it? If so, please advise.

Thanks
Andy
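
The explicit labeling that the SELinux message quoted in the post describes, as an added example that is not part of the original post and is not DBMan's own code. It assumes TYPE is "sys" and that only the auth directory named in the error needs to be writable (pass any other entries the script writes as the second argument); the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example (not from the post or DBMan). TYPE is assumed to be "sys".
EXEC_T=httpd_sys_script_exec_t   # CGI scripts httpd may execute
RO_T=httpd_sys_content_t         # read-only content
RW_T=httpd_sys_script_rw_t       # content the CGI may read and write

# label_for ROOT PATH RW_NAMES: print the type PATH should carry.
# RW_NAMES is a space-separated list of entries directly under ROOT
# that the CGI writes to; everything below such an entry is writable too.
label_for() {
    root=$1; path=$2; rw_names=$3
    if [ "$path" = "$root" ]; then echo "$RO_T"; return 0; fi
    rel=${path#"$root"/}          # path relative to ROOT
    top=${rel%%/*}                # its first component
    for name in $rw_names; do
        if [ "$top" = "$name" ]; then echo "$RW_T"; return 0; fi
    done
    case $path in
        *.cgi) if [ -f "$path" ]; then echo "$EXEC_T"; return 0; fi ;;
    esac
    echo "$RO_T"
}

# plan_labels ROOT [RW_NAMES]: print one chcon command per file and
# directory; with APPLY=1 run chcon instead (root, SELinux enabled).
plan_labels() {
    root=${1%/}; rw_names=${2:-auth}
    find "$root" | sort | while IFS= read -r p; do
        t=$(label_for "$root" "$p" "$rw_names")
        if [ "${APPLY:-0}" = 1 ]; then
            chcon -t "$t" "$p"
        else
            printf 'chcon -t %s %s\n' "$t" "$p"
        fi
    done
}

# Usage (hypothetical script name): sh label-dbman.sh /var/www/cgi-bin/dbman "auth"
if [ "$#" -gt 0 ]; then plan_labels "$@"; fi
```

Review the printed commands first, then rerun with APPLY=1 as root; `ls -Z` shows the resulting contexts.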
Subject Author Views Date
Thread SELinux prevented reading and writing access to dbman files. lolths 12339 Sep 12, 2008, 3:30 AM
Thread Re: [lolths] SELinux prevented reading and writing access to dbman files. LoisC 12133 Sep 12, 2008, 8:16 AM
Post Re: [LoisC] SELinux prevented reading and writing access to dbman files. lolths 12207 Sep 14, 2008, 3:06 AM