It is. I checked that first.
I spent hours researching this last night and didn't send out a note
because it was so late. It turns out that the newer versions of Redhat
Linux are shiped with a security system called SELINUX that has some
roots with the NSA. It would appear that it was designed specifially to
address security policy with Apache servers. It creates a set of rules
that allow/dis-allow specific kinds of access based on security
contexts. All of the security contexts it ships with appear to be for
Apache's httpd.
The error I was getting was because SELINUX ships with a security policy
that prohibits any CGI script from executing any other executable on the
system. This is evidently creatd to prevent compromise of a script
taking over the system.
I spent hours trying to interpret the very dense docs that I could find
and the way this works is that you create security policies in a source
directory under /etc/selinux and then re-make the security policy. The
problem is that it doesn't appear that my server install came with the
policy generator, merely a set of policies. I then quit and changed the
security level in /etc/selinux/config to permissive. This merely
generates warnings instead of errors.
Is this a secret? Why does no one know about this selinux thing? Anyway,
I turned it off for now. Maybe I'll go back and figure it out later.
Thanks.
Andres Monroy-Hernandez wrote:
The java virtual machine should be executable to the user that is
running the apache daemon. Also your java program should be readable to
the same user. Is that the case? What is the command that that you're
executing from your CGI?
By the way, what you're doing is not the best performance wise. It seems
that every time someone executes the CGI the JVM is loaded. There must
be better ways of doing what you want, but that's outside the scope of
your question.
Cheers,
Andres
-----Original Message-----
From: Thom Hehl [mailto:[EMAIL PROTECTED]
Sent: Monday, July 18, 2005 7:32 PM
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] CGI path problem
OK. I figured out to place the path in /etc/init.d/httpd and now I can
find the program. Now I'm getting the error:
sh:/opt/java/bin/java: Permission denied
The permissions on java are 755, which should allow execution. Is there
something that prevents CGI scripts from calling other binaries?
Thanks.
Thom Hehl wrote:
I have a CGI program that calls a java program. I have placed the
java/bin directory into my PATH in /etc/bashrc (Redhat Linux) and can
run my CGI fine from the command prompt. When I execute it through the
web server, though, I get the following message in my error.log:
"sh: java: command not found"
I am reading this as Apache cannot find the java binary. Is there
something I'm missing? Maybe a path somewhere in httpd.conf?
Thanks
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]