Re: [Boston.pm] website problem

2015-06-28 Thread dan moylan

dan wrote:
> ricky writes:
>> On Jun 25, 2015, at 2:00 PM, dan moylan j...@moylan.us wrote:
>>
>>> richard morse writes:
>>>> SELinux?
>>>>
>>>> On Jun 25, 2015, at 1:30 PM, dan moylan j...@moylan.us wrote:
>>>>>  .
>>>>>  .
>>>>>  .
>>>
>>> oh.  sounds like a good lead.  i don't want to abuse your
>>> generosity but after prowling through the selinux man pages
>>> and looking at the files in /etc/selinux i'm somewhat
>>> overwhelmed.  do you have any specific suggestions as to how
>>> i might fiddle selinux to fix my problem?
>>
>> At least in CentOS, you can start out by turning off SELinux
>> enforcing (`setenforce`), and see if things work with
>> permissive mode. If they do, you know that it was the
>> problem.
>>
>> Also, `sestatus` to find out if SELinux is on.
>>
>> I don’t know what distro you’re running, so the commands
>> might be a bit different.
>
> tnx, running fc21.
>
> root ~[394] setenforce 0
> root ~[395] sestatus
> SELinux status:                 enabled
> SELinuxfs mount:                /sys/fs/selinux
> SELinux root directory:         /etc/selinux
> Loaded policy name:             targeted
> Current mode:                   permissive
> Mode from config file:          enforcing
> Policy MLS status:              enabled
> Policy deny_unknown status:     allowed
> Max kernel policy version:      29
>
> unfortunately, the error persists.

not any longer!  it was two problems:

1st: in my code:
  $fll = "/home/moylan/www/cgi-bin/stuff/moyts6.log";
  $fhl = new FileHandle ();
  $fhl->open ($fll, "w") or die "couldn't open $fll";
  $fhl->printf ("# MOYTS6\n\n");

it was apache trying to write to stuff with permissions
755 owned by moylan.moylan.  i added moylan to apache groups
and set stuff permissions to 775 and that got fixed.

2nd: selinux permissive mode was required.

when those two things were done the script worked just fine.

now, do you have any suggestions as to how i might adjust
selinux for my particular problem without putting it in the
permissive mode?

tia,
ole dan

j. daniel moylan
84 harvard ave
brookline, ma 02446-6202
617-777-0207 (cel)
j...@moylan.us
www.moylan.us
[no html pls]

___
Boston-pm mailing list
Boston-pm@mail.pm.org
http://mail.pm.org/mailman/listinfo/boston-pm

Re: [Boston.pm] website problem

2015-06-28 Thread Uri Guttman

On 06/28/2015 05:44 PM, dan moylan wrote:



> 1st: in my code:
>    $fll = "/home/moylan/www/cgi-bin/stuff/moyts6.log";
>    $fhl = new FileHandle ();


i know you haven't touched your code in ages but filehandle.pm has been 
deprecated for over a decade! in fact it is just a wrapper around 
IO::Handle. and you don't need that either for basic stuff like this.

>    $fhl->open ($fll, "w") or die "couldn't open $fll";


always print $! when a system call fails so you know why. it might have 
helped you debug this as a permissions problem if you saw the error message.

>    $fhl->printf ("# MOYTS6\n\n");


why printf when you have no %patterns or data? use plain print for that.

thanx,

uri




Re: [Boston.pm] website problem

2015-06-28 Thread Gyepi SAM
On Sun, Jun 28, 2015 at 05:44:11PM -0400, dan moylan wrote:
> 1st: in my code:
>   $fll = "/home/moylan/www/cgi-bin/stuff/moyts6.log";
>   $fhl = new FileHandle ();
>   $fhl->open ($fll, "w") or die "couldn't open $fll";
>   $fhl->printf ("# MOYTS6\n\n");
>
> it was apache trying to write to stuff with permissions
> 755 owned by moylan.moylan.  i added moylan to apache groups
> and set stuff permissions to 775 and that got fixed.
>
> 2nd: selinux permissive mode was required.
>
> when those two things were done the script worked just fine.
>
> now, do you have any suggestions as to how i might adjust
> selinux for my particular problem without putting it in the
> permissive mode?

Is there a special reason why the cgi directory is writable
by the web server?  It's a more usual practice to place log files in
a separate directory from code and make sure that the code directory
is NOT writable by the web server.

One of the benefits of a separate logging directory is that this problem
goes away and your system is more secure.


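Dan's closing question (keeping SELinux enforcing) and Gyepi's advice to log outside the code directory, as an added example that is not part of the thread: a filter that shows which web-server accesses the policy refused, and the labelling commands for a dedicated log directory. The audit records are constructed, `/srv/cgi-logs` is a hypothetical directory, and `httpd_sys_rw_content_t` assumes the Fedora/CentOS targeted policy.

```shell
#!/bin/sh
# Constructed sample audit records (not taken from the thread). permissive=0 is
# an enforced denial; permissive=1 is what `setenforce 0` leaves behind: the
# access went through, but the policy would have refused it.
sample_audit() {
cat <<'EOF'
type=AVC msg=audit(1435527851.101:411): avc:  denied  { write } for  pid=2211 comm="moyts6.cgi" name="stuff" dev="dm-2" ino=393301 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=unconfined_u:object_r:httpd_user_script_exec_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1435527902.557:419): avc:  denied  { write } for  pid=2260 comm="moyts6.cgi" name="stuff" dev="dm-2" ino=393301 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=unconfined_u:object_r:httpd_user_script_exec_t:s0 tclass=dir permissive=1
type=SYSCALL msg=audit(1435527902.557:419): arch=c000003e syscall=2 success=yes exit=3 comm="moyts6.cgi" exe="/usr/bin/perl"
type=AVC msg=audit(1435527950.010:430): avc:  denied  { read } for  pid=801 comm="cupsd" name="printers.conf" dev="dm-1" ino=1201 scontext=system_u:system_r:cupsd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0
EOF
}

# Read audit records on stdin; print one summary line per AVC denial whose
# source domain is a web-server type (httpd_*).
httpd_denials() {
  awk '
    /^type=AVC / && / denied / {
      perm = $0; sub(/.*[{] /, "", perm); sub(/ [}].*/, "", perm)
      gsub(/ /, ",", perm)              # "{ read write }" becomes "read,write"
      split("", f)                      # clear fields from the previous record
      for (i = 1; i <= NF; i++) {
        n = index($i, "=")
        if (n) f[substr($i, 1, n - 1)] = substr($i, n + 1)
      }
      split(f["scontext"], s, ":"); split(f["tcontext"], t, ":")
      if (s[3] !~ /^httpd/) next        # some other confined service
      name = f["name"]; gsub(/"/, "", name)
      mode = (f["permissive"] == "1") ? "logged-only" : "blocked"
      printf "%s source=%s target=%s class=%s perms=%s name=%s\n", mode, s[3], t[3], f["tclass"], perm, name
    }'
}

# Print (do not run) the commands that give a dedicated log directory a type
# web-server scripts may write, so the cgi-bin tree can stay read-only.
label_commands() {
  dir=${1%/}
  printf 'semanage fcontext -a -t httpd_sys_rw_content_t "%s(/.*)?"\n' "$dir"
  printf 'restorecon -Rv %s\n' "$dir"
}

sample_audit | httpd_denials
label_commands /srv/cgi-logs            # hypothetical directory
```

On a real host the records would come from `ausearch -m avc -ts recent` or `/var/log/audit/audit.log` instead of `sample_audit`.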

[Boston.pm] website problem

2015-06-25 Thread dan moylan

my website moylan.us contains several cgi scripts, which
have run fine for years and continue to do so.  my local
versions used to run fine, but no longer do.  to check, i
cobbled up a test script which exhibits the problem.


#! /usr/bin/perl -wT -I./
# moyts6.cgi

  use strict;
  BEGIN {
   $ENV{PATH} = "/bin:/usr/bin";
   delete @ENV{ qw(IFS CDPATH ENV BASH_ENV) };
  }
  use CGI;
  use CGI::Carp qw (fatalsToBrowser);
  use FileHandle;

  my ($fhl, $fll, $time, );
  $time = localtime;
  $fll = "/home/moylan/www/cgi-bin/stuff/moyts6.log";
  $fhl = new FileHandle ();
  $fhl->open ($fll, "w") or die "couldn't open $fll";
  $fhl->printf ("# MOYTS6\n\n");

  print "Content-type: text/html\n\n";
  print <<END_OF_PAGE;
  <html>
  <head>
  <title> moyts6 </title>
  </head>
  <body>
  <h1>Test Page -- moyts6</h1>
  <p> paragraph 1 </p>
  <p> paragraph 2 </p>
  <p> time: $time </p>
  </body>
  </html>

END_OF_PAGE



ON-LINE SITE (moylan.us)
theodore:moylan:~/www/cgi-bin/stuff [1003] uname -a
   Linux theodore.genwebserver.com
   2.6.32-531.29.2.lve1.3.11.1.el6.x86_64
   #1 SMP Thu Dec 18 06:49:17 EST 2014
   x86_64 x86_64 x86_64 GNU/Linux
theodore:moylan:~/www/cgi-bin/stuff [1004] perl --version
   This is perl, v5.10.1 (*)
   built for x86_64-linux-thread-multi

when moyts6.cgi runs
   aok

LOCAL SITE (localhost)
moylan stuff [1024] uname -a
   Linux aldeberon
   4.0.5-200.fc21.x86_64
   #1 SMP Mon Jun 8 16:25:02 UTC 2015
   x86_64 x86_64 x86_64 GNU/Linux
moylan stuff[1030] perl --version
   This is perl 5, version 18, subversion 4 (v5.18.4)
   built for x86_64-linux-thread-multi
   (with 23 registered patches, see perl -V for more detail)

when moyts6.cgi runs
   Software error:
   couldn't open /home/moylan/www/cgi-bin/stuff/moyts6.log
   at /var/www/html/moylan/cgi-bin/moyts6.cgi line 20.

the file permissions seem fine.  i even tried it out writing
the log file to /tst/moyts6.log where tst has 777
permissions -- same results.

any suggestions would be most appreciated.

tia,
ole dan

j. daniel moylan
84 harvard ave
brookline, ma 02446-6202
617-777-0207 (cel)
j...@moylan.us
www.moylan.us
[no html pls]



Re: [Boston.pm] website problem

2015-06-25 Thread Morse, Richard E.,MGH
SELinux?


The information in this e-mail is intended only for the person to whom it is
addressed. If you believe this e-mail was sent to you in error and the e-mail
contains patient information, please contact the Partners Compliance HelpLine at
http://www.partners.org/complianceline . If the e-mail was sent to you in error
but does not contain patient information, please contact the sender and properly
dispose of the e-mail.




Re: [Boston.pm] website problem

2015-06-25 Thread Morse, Richard E.,MGH
> On Jun 25, 2015, at 2:00 PM, dan moylan j...@moylan.us wrote:
>
> richard morse writes:
>> SELinux?
>>
>> On Jun 25, 2015, at 1:30 PM, dan moylan j...@moylan.us wrote:
>>>  .
>>>  .
>>>  .
>
> oh.  sounds like a good lead.  i don't want to abuse your
> generosity but after prowling through the selinux man pages
> and looking at the files in /etc/selinux i'm somewhat
> overwhelmed.  do you have any specific suggestions as to how
> i might fiddle selinux to fix my problem?

At least in CentOS, you can start out by turning off SELinux enforcing 
(`setenforce`), and see if things work with permissive mode. If they do, you 
know that it was the problem.

Also, `sestatus` to find out if SELinux is on.

I don’t know what distro you’re running, so the commands might be a bit 
different.

Ricky



Re: [Boston.pm] website problem

2015-06-25 Thread dan moylan

ricky writes:
> On Jun 25, 2015, at 2:00 PM, dan moylan j...@moylan.us wrote:
>
>> richard morse writes:
>>> SELinux?
>>>
>>> On Jun 25, 2015, at 1:30 PM, dan moylan j...@moylan.us wrote:
>>>>  .
>>>>  .
>>>>  .
>>
>> oh.  sounds like a good lead.  i don't want to abuse your
>> generosity but after prowling through the selinux man pages
>> and looking at the files in /etc/selinux i'm somewhat
>> overwhelmed.  do you have any specific suggestions as to how
>> i might fiddle selinux to fix my problem?
>
> At least in CentOS, you can start out by turning off SELinux
> enforcing (`setenforce`), and see if things work with
> permissive mode. If they do, you know that it was the
> problem.
>
> Also, `sestatus` to find out if SELinux is on.
>
> I don’t know what distro you’re running, so the commands
> might be a bit different.

tnx, running fc21.

root ~[394] setenforce 0
root ~[395] sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      29

unfortunately, the error persists.

ole dan

j. daniel moylan
84 harvard ave
brookline, ma 02446-6202
617-777-0207 (cel)
j...@moylan.us
www.moylan.us
[no html pls]


Re: [Boston.pm] website problem

2015-06-25 Thread dan moylan

richard morse writes:
> SELinux?
>
> On Jun 25, 2015, at 1:30 PM, dan moylan j...@moylan.us wrote:
>>   .
>>   .
>>   .

oh.  sounds like a good lead.  i don't want to abuse your
generosity but after prowling through the selinux man pages
and looking at the files in /etc/selinux i'm somewhat
overwhelmed.  do you have any specific suggestions as to how
i might fiddle selinux to fix my problem?

tia,
ole dan

j. daniel moylan
84 harvard ave
brookline, ma 02446-6202
617-777-0207 (cel)
j...@moylan.us
www.moylan.us
[no html pls]
