CGI Script Access Fails On Linux
[1/5] from: tim:johnsons-web at: 21-Nov-2000 18:00
On Red Hat 6.2,
I have the following script:
#!/usr/bin/rebol -cs
REBOL[]
print "Content-Type: text/html^/^/"
write %test.txt "second try"
when run from the command line, this works as expected.
when run as cgi, this fails with the following error message:
** Access Error: Cannot open /home/httpd/cgi-bin/test.txt.
** Where: write %test.txt "second try"
All permissions to the directory are set to read, write and execute.
Owner is set to nobody
httpd.conf has the following lines:
User nobody
Group nobody
Does anyone have any idea of what else I should do to make
this work!
BTW: print read %test.txt works.
TIA
Tim
[2/5] from: tim:johnsons-web at: 21-Nov-2000 21:24
hmmmm! Now I have success....
I remapped cgi-bin to another directory.
(other than /home/httpd/cgi-bin)
Could it be that rebol has a security block to
/home/httpd/cgi-bin ?
I'd welcome other observations. :)
Tim
Same permissions.
Tim Johnson wrote:
[3/5] from: rebol:techscribe at: 21-Nov-2000 22:53
Hi Tim,
you executed the script from the command line. A file test.txt was
created. This file's owner is the username under which you were logged
in at the time. User nobody cannot overwrite the file created by that
user. That's why you're getting the error message. Remove the file and
everything should work just fine.
However, you absolutely should not make the user nobody the owner of the
cgi-bin directory. Nor should "other" settings permit writing to the
directory. That invites trouble. I set my cgi-bin settings to 751
(giving visitors only execute permission on the directory, i.e. they can
enter it). Permission settings on the file are 755.
What I do is I create a directory at the same level as cgi-bin (let's
call that directory temp or something else), set the permissions of that
directory to 777.Your script would have to say
write %../temp/test.txt
Hope this helps,
Elan
[4/5] from: rebol:techscribe at: 21-Nov-2000 22:56
Tim Johnson wrote:
> hmmmm! Now I have success....
> I remapped cgi-bin to another directory.
You're seeing ghosts, Tim. It has nothing to do with REBOL (read my
chapter on CGI. What did I write it for ... ;-). In the new directory you
did not have a file test.txt that had been created by running the script
manually (vie command line). Therefore REBOL did not encounter a test.txt
file whose owner and permission settings prevented REBOL from overwriting
that file. (see my previous email :-).
Take Care,
Elan
[5/5] from: tim::johnsons-web::com at: 22-Nov-2000 7:45
Hi Elan:
I've known all along that it was a permissions not a rebol issue.
BUT
I don't know what you mean about seeing ghosts...
<duh>that doesn't compute </duh>
But as it is now....
Script set to 755
dir set to 511
writes to file as cgi OR command-line
I'm not inclined to re-direct I/O just now,
but will pursue this query further with my
fellow (and more advanced LUG-nuts)
regarding security issues.
<Comment>Really like linux but <sigh>being one's own sysadmin
is taking some getting used to </sigh></comment>
Thanks Elan:
Hope all is going well
Tim
Elan wrote: