This question did not garner any replies but fortunately I have solved it
myself.
For the sake of anyone else who runs into similar issues, the problem was
caused by SELINUX which was configured for targeted enforcement of security
policy. I have for now disabled it and got round the problem. I may have to
re-enable it and see how to configure it not to restrict the things that have
caused issue which as well as opening xterms, include issuing remote commands
and printing of newline characters from the second level script via apache.
From: Bell, Alvin
Sent: February-14-14 11:35 AM
To: 'users@httpd.apache.org'
Subject: Xserver authorization running scripts via Apache
I am trying to run a simple script which brings up a gnome terminal on the
user's display. I have created a perl cgi script which calls a shell script
using a system call. If I run the perl cgi script from the command line, it
brings up the gnome terminal correctly. If I try running the perl cgi script
via the Apache web server, I get the following error in
/var/log/httpd/error_log:
<Date> [error] [client 10.61.8.152] Failed to parse arguments: Cannot open
display: 10.61.8.152:0.0 ...
The obvious answer would be that I am not setting the DISPLAY environment
variable or that xhost is not set to allow the display. I have tried setting
the DISPLAY variable but am specifying the display parameter as argument for
gnome-terminal in any case. I have used xhost + to ensure it is not restricting
it but I still get the error.
The perl cgi script call is made with:
my @args=("/tmp/monitor.sh &");
my $status=system("@args");
The monitor.sh shell script call for xterm is made with:
gnome-terminal -display=10.61.8.152:0.0 -geometry=125x24 -hide-menubar
-title="My title"
I am initially testing this out locally on the apache server system so the
display address is that of the Apache server. The server has a running Xserver
and as mentioned, the script works if called from the command line.
I have setup Apache to run as a local user rather than Apache user. The scripts
are both owned by this same user and have permissions set accordingly. I added
a command in the shell script to create a text file. When run via the Apache
server, the file is created with the ownership of the user I specified
confirming that the shell is being run as the expected user.
I have also tried making the call using ssh with -X option from either the
cgi-script or the shell script but, despite setting up ssh to allow
passwordless login for the user in question and again, seeing it run OK from
command line, I have problems running via Apache server, getting the error:
<Date> [error] [client 10.61.8.152] ssh: connect to host <hostname> port 22:
Permission denied ...
If I try calling the gnome terminal directly from the perl cgi script, I get
the same errors stated. I would prefer to start it from the shell script though
since I want to run other commands from the script too and it would be easier.
Apache info:
Server version: Apache/2.2.15 (Unix)
Server built: Dec 5 2012 04:03:01
Unix info:
Redhat 6.4 x86_64
Any help would be greatly appreciated,
Thanks,
Alvin
