At 02:14 PM 2/11/2008 -0500, Joshua Slive wrote:
On Feb 11, 2008 1:38 PM, Bennett Haselton <[EMAIL PROTECTED]> wrote:
> I am trying to run a CGI script that can open /var/log/httpd/access_log
for
> reading and parse some data from it. (This is on a dedicated machine.)
>
> The file /var/log/httpd/access_log is owned by root, but that's not the
> problem. I have other files owned by root that are in the
/var/www/html
> directory and CGI scripts can read those with no problem (because they
are
> world-*readable*, just like /var/log/httpd/access_log is). The problem
is
> that apparently CGI scripts cannot open any files for reading that are
> located outside of /var/www .
There is no setting in the default apache install that could impose
that restriction. Are you running SELinux perhaps?
Well I'm running the CentOS 4.4 distro, but according to
http://en.wikipedia.org/wiki/Selinux , SELinux is not actually a distro, so
not mutually exclusive with CentOS. So could this machine be running
SELinux? How do I tell? The hosting company set it up for me.
Have you tried
"setenforce 0" to see if the issue goes away?
Well, damn. I do believe that fixed it. Thanks!
In general, the most secure way to deal with tasks that are beyond the
permissions of your apache child processes is to use "sudo". But I bet
your problem is an OS configuration issue. If the file is
world-readable, your cgi scripts should be able to read it.
My CGI scripts can read world-readable files when those files are under
/var/www, just not when the world-readable files are located anywhere else.
-Bennett
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
