Re: [Boston.pm] website problem
dan wrote:
> ricky writes:
>> On Jun 25, 2015, at 2:00 PM, dan moylan j...@moylan.us wrote:
>>> richard morse writes:
>>>> SELinux?
>>>>
>>>> On Jun 25, 2015, at 1:30 PM, dan moylan j...@moylan.us wrote:
>>>>> . . .
>>>
>>> oh. sounds like a good lead. i don't want to abuse your
>>> generosity but after prowling through the selinux man pages
>>> and looking at the files in /etc/selinux i'm somewhat
>>> overwhelmed. do you have any specific suggestions as to how
>>> i might fiddle selinux to fix my problem?
>>
>> At least in CentOS, you can start out by turning off SELinux
>> enforcing (`setenforce`), and see if things work with permissive
>> mode. If they do, you know that it was the problem. Also,
>> `sestatus` to find out if SELinux is on. I don’t know what distro
>> you’re running, so the commands might be a bit different.
>
> tnx, running fc21.
>
> root ~[394] setenforce 0
> root ~[395] sestatus
> SELinux status:                 enabled
> SELinuxfs mount:                /sys/fs/selinux
> SELinux root directory:         /etc/selinux
> Loaded policy name:             targeted
> Current mode:                   permissive
> Mode from config file:          enforcing
> Policy MLS status:              enabled
> Policy deny_unknown status:     allowed
> Max kernel policy version:      29
>
> unfortunately, the error persists.

not any longer! it was two problems:

1st: in my code:

  $fll = "/home/moylan/www/cgi-bin/stuff/moyts6.log";
  $fhl = new FileHandle ();
  $fhl->open ($fll, "w") or die "couldn't open $fll";
  $fhl->printf ("# MOYTS6\n\n");

it was apache trying to write to stuff with permissions 755 owned by moylan.moylan. i added moylan to apache groups and set stuff permissions to 775 and that got fixed.

2nd: selinux permissive mode was required.

when those two things were done the script worked just fine.

now, do you have any suggestions as to how i might adjust selinux for my particular problem without putting it in the permissive mode?

tia,
ole dan

j. daniel moylan 84 harvard ave brookline, ma 02446-6202
617-777-0207 (cel) j...@moylan.us www.moylan.us
[no html pls]
___
Boston-pm mailing list
Boston-pm@mail.pm.org
http://mail.pm.org/mailman/listinfo/boston-pm
Re: [Boston.pm] website problem
On 06/28/2015 05:44 PM, dan moylan wrote:
> 1st: in my code:
>
>   $fll = "/home/moylan/www/cgi-bin/stuff/moyts6.log";
>   $fhl = new FileHandle ();

i know you haven't touched your code in ages but filehandle.pm has been deprecated for over a decade! in fact it is just a wrapper around IO::Handle. and you don't need that either for basic stuff like this.

>   $fhl->open ($fll, "w") or die "couldn't open $fll";

always print $! when a system call fails so you know why. it might have helped you debug this as a permissions problem if you saw the error message.

>   $fhl->printf ("# MOYTS6\n\n");

why printf when you have no %patterns or data? use plain print for that.

thanx,

uri
Re: [Boston.pm] website problem
On Sun, Jun 28, 2015 at 05:44:11PM -0400, dan moylan wrote:
> 1st: in my code:
>
>   $fll = "/home/moylan/www/cgi-bin/stuff/moyts6.log";
>   $fhl = new FileHandle ();
>   $fhl->open ($fll, "w") or die "couldn't open $fll";
>   $fhl->printf ("# MOYTS6\n\n");
>
> it was apache trying to write to stuff with permissions 755
> owned by moylan.moylan. i added moylan to apache groups and
> set stuff permissions to 775 and that got fixed.
>
> 2nd: selinux permissive mode was required.
>
> when those two things were done the script worked just fine.
>
> now, do you have any suggestions as to how i might adjust
> selinux for my particular problem without putting it in the
> permissive mode?

Is there a special reason why the cgi directory is writable by the web server? It's a more usual practice to place log files in a separate directory from code and make sure that the code directory is NOT writable by the web server.

One of the benefits of a separate logging directory is that this problem goes away and your system is more secure.
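The two pieces of advice in the replies above (report `$!` when `open` fails, and keep logs in a directory separate from a code directory the server cannot write to) combined in one added example. It is not code from the thread: the directory tree is a constructed temporary layout and `open_log` is a hypothetical helper.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. The directory tree is a
# constructed temporary layout; open_log is a hypothetical helper.
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);

# Open a log for appending. On failure, return the reason from $!
# instead of a bare "couldn't open".
sub open_log {
    my ($path) = @_;
    open(my $fh, '>>', $path)
        or return (undef, "couldn't open $path: $!");
    return ($fh, undef);
}

# Code directory: read/execute only. Log directory: separate, writable.
my $root    = tempdir(CLEANUP => 1);
my $cgi_dir = File::Spec->catdir($root, 'cgi-bin');
my $log_dir = File::Spec->catdir($root, 'logs');
for my $dir ($cgi_dir, $log_dir) {
    mkdir($dir) or die "mkdir $dir: $!";
}
chmod(0555, $cgi_dir) or die "chmod $cgi_dir: $!";
chmod(0750, $log_dir) or die "chmod $log_dir: $!";

# Mode bits do not bind root, so the refusal only shows when this runs
# as an unprivileged user, which is how a web server runs its CGI scripts.
warn "running as root: the code directory will not refuse the write\n"
    if $> == 0;

for my $dir ($cgi_dir, $log_dir) {
    my $path = File::Spec->catfile($dir, 'moyts6.log');
    my ($fh, $err) = open_log($path);
    if ($fh) {
        print {$fh} "# MOYTS6\n\n";    # plain print, no format string needed
        close($fh) or die "close $path: $!";
        print "wrote $path\n";
    }
    else {
        print "refused: $err\n";
    }
}

chmod 0755, $cgi_dir;    # let File::Temp remove the tree on exit
```

`Permission denied` is what `$!` reports for a mode-bit refusal and for an SELinux denial alike, so the message narrows the cause without separating those two.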
[Boston.pm] website problem
my website moylan.us contains several cgi scripts, which have run fine for years and continue to do so. my local versions used to run fine, but no longer do. to check, i cobbled up a test script which exhibits the problem.

#! /usr/bin/perl -wT -I./
# moyts6.cgi

use strict;

BEGIN {
  $ENV{PATH} = "/bin:/usr/bin";
  delete @ENV{ qw(IFS CDPATH ENV BASH_ENV) };
}

use CGI;
use CGI::Carp qw (fatalsToBrowser);
use FileHandle;

my ($fhl, $fll, $time, );

$time = localtime;
$fll = "/home/moylan/www/cgi-bin/stuff/moyts6.log";
$fhl = new FileHandle ();
$fhl->open ($fll, "w") or die "couldn't open $fll";
$fhl->printf ("# MOYTS6\n\n");

print "Content-type: text/html\n\n";
print <<END_OF_PAGE;
<html>
<head>
<title> moyts6 </title>
</head>
<body>
<h1>Test Page -- moyts6</h1>
<p> paragraph 1 </p>
<p> paragraph 2 </p>
<p> time: $time </p>
</body>
</html>
END_OF_PAGE

ON-LINE SITE (moylan.us)

theodore:moylan:~/www/cgi-bin/stuff [1003] uname -a
Linux theodore.genwebserver.com 2.6.32-531.29.2.lve1.3.11.1.el6.x86_64 #1 SMP Thu Dec 18 06:49:17 EST 2014 x86_64 x86_64 x86_64 GNU/Linux
theodore:moylan:~/www/cgi-bin/stuff [1004] perl --version
This is perl, v5.10.1 (*) built for x86_64-linux-thread-multi

when moyts6.cgi runs

  aok

LOCAL SITE (localhost)

moylan stuff [1024] uname -a
Linux aldeberon 4.0.5-200.fc21.x86_64 #1 SMP Mon Jun 8 16:25:02 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
moylan stuff[1030] perl --version
This is perl 5, version 18, subversion 4 (v5.18.4) built for x86_64-linux-thread-multi
(with 23 registered patches, see perl -V for more detail)

when moyts6.cgi runs

  Software error:
  couldn't open /home/moylan/www/cgi-bin/stuff/moyts6.log at /var/www/html/moylan/cgi-bin/moyts6.cgi line 20.

the file permissions seem fine. i even tried it out writing the log file to /tst/moyts6.log where tst has 777 permissions -- same results.

any suggestions would be most appreciated.

tia,
ole dan

j. daniel moylan 84 harvard ave brookline, ma 02446-6202
617-777-0207 (cel) j...@moylan.us www.moylan.us
[no html pls]
Re: [Boston.pm] website problem
SELinux?

The information in this e-mail is intended only for the person to whom it is addressed. If you believe this e-mail was sent to you in error and the e-mail contains patient information, please contact the Partners Compliance HelpLine at http://www.partners.org/complianceline . If the e-mail was sent to you in error but does not contain patient information, please contact the sender and properly dispose of the e-mail.
Re: [Boston.pm] website problem
On Jun 25, 2015, at 2:00 PM, dan moylan j...@moylan.us wrote:
> richard morse writes:
>> SELinux?
>>
>> On Jun 25, 2015, at 1:30 PM, dan moylan j...@moylan.us wrote:
>>> . . .
>
> oh. sounds like a good lead. i don't want to abuse your
> generosity but after prowling through the selinux man pages
> and looking at the files in /etc/selinux i'm somewhat
> overwhelmed. do you have any specific suggestions as to how
> i might fiddle selinux to fix my problem?

At least in CentOS, you can start out by turning off SELinux enforcing (`setenforce`), and see if things work with permissive mode. If they do, you know that it was the problem. Also, `sestatus` to find out if SELinux is on. I don’t know what distro you’re running, so the commands might be a bit different.

Ricky
Re: [Boston.pm] website problem
ricky writes:
> On Jun 25, 2015, at 2:00 PM, dan moylan j...@moylan.us wrote:
>> richard morse writes:
>>> SELinux?
>>>
>>> On Jun 25, 2015, at 1:30 PM, dan moylan j...@moylan.us wrote:
>>>> . . .
>>
>> oh. sounds like a good lead. i don't want to abuse your
>> generosity but after prowling through the selinux man pages
>> and looking at the files in /etc/selinux i'm somewhat
>> overwhelmed. do you have any specific suggestions as to how
>> i might fiddle selinux to fix my problem?
>
> At least in CentOS, you can start out by turning off SELinux
> enforcing (`setenforce`), and see if things work with permissive
> mode. If they do, you know that it was the problem. Also,
> `sestatus` to find out if SELinux is on. I don’t know what distro
> you’re running, so the commands might be a bit different.

tnx, running fc21.

root ~[394] setenforce 0
root ~[395] sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      29

unfortunately, the error persists.

ole dan

j. daniel moylan 84 harvard ave brookline, ma 02446-6202
617-777-0207 (cel) j...@moylan.us www.moylan.us
[no html pls]
Re: [Boston.pm] website problem
richard morse writes:
> SELinux?
>
> On Jun 25, 2015, at 1:30 PM, dan moylan j...@moylan.us wrote:
>> . . .

oh. sounds like a good lead. i don't want to abuse your generosity but after prowling through the selinux man pages and looking at the files in /etc/selinux i'm somewhat overwhelmed. do you have any specific suggestions as to how i might fiddle selinux to fix my problem?

tia,
ole dan

j. daniel moylan 84 harvard ave brookline, ma 02446-6202
617-777-0207 (cel) j...@moylan.us www.moylan.us
[no html pls]