The directory perms are ok (directory 0755, files 0705); you can see the content of the script but not execute it.
On Tue, Feb 4, 2020 at 2:12 AM Igor Cicimov <icici...@gmail.com> wrote: > Should have said "exported" with noexec instead of mounted to make it more > clear. Then it doesn't matter what you do on the client side you will still > not be able to run exe files. > > Since this is not the case maybe the perms of the directories on that path > have no exe permissions them self? > > IC > > On Fri, Jan 31, 2020, 10:46 PM Michele Mase' <michele.m...@gmail.com> > wrote: > >> From fstab: >> 10.10.10.10:/vol/shared /shared nfs >> defaults,exec,tcp,vers=3,intr,_netdev 0 0 >> From /proc/mounts >> 10.10.10.10:/vol/shared /shared nfs >> rw,relatime,vers=3,rsize=65536,wsize=65536,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=10.10.10.10,mountvers=3,mountport=635,mountproto=tcp,local_lock=none,addr=10.10.10.10 >> 0 0 >> The apache process user can execute scripts under nfs share: >> su - www-data -s /bin/bash -c "/shared/www_root/cgi2/test.sh" #working >> >> >> On Thu, Jan 30, 2020 at 8:57 PM Igor Cicimov <icici...@gmail.com> wrote: >> >>> On Wed, Jan 29, 2020, 11:35 PM Michele Mase' <michele.m...@gmail.com> >>> wrote: >>> >>>> I'm trying to execute some gci scripts under a certain directory stored >>>> under an nfs share without any success; the same configuration is working >>>> outside nfs share (i.e. under local filesystem). >>>> What am I missing? >>>> Regards >>>> Michele Masè >>>> >>>> Local Working: curl https://www.example.com/cgi2/ >>>> >>>> Alias /cgi2/ /var/www/html.default/cgi2/ >>>> <Directory "/var/www/html.default/cgi2"> >>>> AddHandler cgi-script .cgi .pl .sh >>>> DirectoryIndex index.cgi index.html >>>> Options +ExecCGI >>>> </Directory> >>>> >>>> >>>> NFS Not Working: >>>> Alias /cgi2/ /shared/www_root/cgi2/ >>>> <Directory "/shared/www_root/cgi2/"> >>>> AddHandler cgi-script .cgi .pl .sh >>>> DirectoryIndex index.cgi index.html >>>> Options +ExecCGI >>>> </Directory> >>>> >>>> Error_Log: >>>> AH01262: Options ExecCGI is off in this directory: >>>> /shared/www_root/cgi2/index.cgi >>>> >>>> index.cgi script >>>> >>>> #!/usr/bin/perl >>>> >>>> print "Content-type: text/html\n\n"; >>>> print "<html>\n<body>\n"; >>>> print "<div style=\"width: 100%; font-size: 40px; font-weight: bold; >>>> text-align: center;\">\n"; >>>> print "CGI Test Page"; >>>> print "\n</div>\n"; >>>> print "</body>\n</html>\n"; >>>> >>>> apache2.4.x ubuntu18.04 libapache2-mod-apparmor not installed >>>> >>>> aa-status --verbose >>>> apparmor module is loaded. >>>> 8 profiles are loaded. >>>> 8 profiles are in enforce mode. >>>> /sbin/dhclient >>>> /usr/bin/man >>>> /usr/lib/NetworkManager/nm-dhcp-client.action >>>> /usr/lib/NetworkManager/nm-dhcp-helper >>>> /usr/lib/connman/scripts/dhclient-script >>>> /usr/sbin/tcpdump >>>> man_filter >>>> man_groff >>>> 0 profiles are in complain mode. >>>> 0 processes have profiles defined. >>>> 0 processes are in enforce mode. >>>> 0 processes are in complain mode. >>>> 0 processes are unconfined but have a profile defined. >>>> >>>> /proc/mounts >>>> 10.10.10.10:/vol/shared /shared nfs >>>> rw,relatime,vers=3,rsize=65536,wsize=65536,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=10.10.10.10,mountvers=3,mountport=635,mountproto=tcp,local_lock=none,addr=10.10.10.10 >>>> 0 0 >>>> >>>> su - www-data -s /bin/bash -c "/bin/cat >>>> /shared/www_root/cgi2/index.cgi" #working >>>> -- >>>> Michele Masè >>>> >>> >>> Usually NFS shares are being mounted without exec permissions for >>> security, you need to make sure that is not the case. >>> >>>> >> >> -- >> Michele Masè >> > -- Michele Masè
