Serious Privileges Problem: Please Help

Rami Chowdhury rami.chowdhury at gmail.com
Sat Nov 7 17:49:28 EST 2009 

On Saturday 07 November 2009 13:51:06 Victor Subervi wrote:
> httpd.conf:
> 
> <VirtualHost *:80>
> ServerAdmin me at creative.vi
> DocumentRoot /var/www/html/angrynates.com
> ServerName angrynates.com
> Options +ExecCGI -IncludesNoExec
> <Directory /var/www/html/angrynates.com/global_solutions/*>

You may want to change this to:
	<Directory /var/www/html/angrynates.com/global_solutions>

If you want regular expression syntax, I would advise using the syntax
	<Directory ~ EXPRESSION>
or 
	<DirectoryMatch ~ EXPRESSION>

> #ls -lZ
> drwxr-xr-x  root root                                  1024
> drwxr-xr-x  root root                                  1132
> drwxr-xr-x  root root                                  1255
[snip]

It looks like you don't have *any* SELinux context information; if SELinux is 
on, this will cause problems. Try using the 'restorecon' command to put the 
defaults in place, and consider using 'chcon' to change the security context 
to an appropriate one (I believe you want something like 
'unconfined_u:object_r:httpd_sys_content_t' for Apache content). 

> 
> On Sat, Nov 7, 2009 at 4:09 PM, Rami Chowdhury 
<rami.chowdhury at gmail.com>wrote:
> > On Saturday 07 November 2009 06:13:11 Victor Subervi wrote:
> > > I have a serious privileges problem that is making it impossible to
> > > serve python pages on a CentOS server. It appears that nobody on the
> > > CentOS discussion list has a solution to this problem. I'm desperate
> > > and hoping someone on this list can help.
> > >
> > > [Fri Nov 06 11:50:40 2009] [error] [client 66.248.168.98] (2)No such
> > > file or directory: exec of
> > >  '/var/www/html/angrynates.com/global_solutions/index.py' failed,
> >
> > referer:
> > >  http://angrynates.com/global_solutions/
> > > [Fri Nov 06 11:50:40 2009] [error] [client 66.248.168.98] Premature end
> >
> > of
> >
> > > script headers: index.py, referer:
> >
> > http://angrynates.com/global_solutions/
> >
> > > Now, the file does exist:
> > >
> > > [root at 13gems global_solutions]# pwd
> > > /var/www/html/angrynates.com/global_solutions
> > > [root at 13gems global_solutions]# ls
> > > ....
> > > -rwxr-xr-x 1 victor victor 275 Nov 6 07:05 index.py
> > > ....
> > > and it serves just fine on another server, so there is no "premature
> > > end
> >
> > of
> >
> > > script headers".
> > >
> > >
> > > Here's where it gets really weird. If I copy the code for index.py and
> > > template.py which the former calls, and create files test.py and
> > > test2.py and paste the code from the former files in those new files
> > > changing only the import statement from "template" to "test2", the
> > > tests will resolve!! Now, the ownership and mode are identical on all
> > > of them!!
> > >
> > >
> > > [root at 13gems global_solutions]# ls -al | grep test.py
> > > -rwxr-xr-x 1 root root 298 Nov 6 12:24 test.py
> > > [root at 13gems global_solutions]# ls -al | grep test2.py
> > > -rwxr-xr-x 1 root root 5716 Nov 6 12:25 test2.py
> > > [root at 13gems global_solutions]# ls -al | grep index.py
> > > -rwxr-xr-x 1 root root 316 Nov 6 07:05 index.py
> > > [root at 13gems global_solutions]# ls -al | grep template.py
> > > -rwxr-xr-x 1 root root 5806 Nov 6 07:06 template.py
> > > -rwxr-xr-x 1 root root 6093 Nov 6 07:06 template.pyc
> > >
> > > where test.py is identical to index.py (other than the necessary
> > > import) and template is identical to test2.py
> > >
> > >
> > > fixfiles relabel /var/www/html
> > > # might just work
> > > It didn't
> > >
> > > touch /.autorelabel
> > > # and then reboot will relabel all copied files to the correct contexts
> >
> > for
> >
> > > the location
> > > I rebooted apache with no luck
> > >
> > > or you could turn off SELinux and reboot
> > > I did that and the following two solutions with no luck:
> > > echo 0 >/selinux/enforce
> > >
> > > [root at 13gems ~]# cd /etc/
> > > [root at 13gems etc]# mv selinux/ selinux.BAK
> > > [root at 13gems etc]# mkdir selinux
> > > [root at 13gems etc]# echo 0>/selinux/enforce
> > >
> > > ...and the problem continues:
> > > [root at 13gems etc]# tail /var/log/httpd/error_log
> > > [Fri Nov 06 12:51:49 2009] [error] [client 66.248.168.98] Premature end
> >
> > of
> >
> > > script headers: index.py, referer:
> >
> > http://angrynates.com/global_solutions/
> >
> > > [Fri Nov 06 12:56:18 2009] [error] [client 66.248.168.98] (2)No such
> > > file or directory: exec of
> > >  '/var/www/html/angrynates.com/global_solutions/index.py' failed,
> >
> > referer:
> > >  http://angrynates.com/global_solutions/
> > > [Fri Nov 06 12:56:18 2009] [error] [client 66.248.168.98] Premature end
> >
> > of
> >
> > > script headers: index.py, referer:
> >
> > http://angrynates.com/global_solutions/
> >
> > > [Fri Nov 06 12:56:20 2009] [error] [client 67.96.172.81] (2)No such
> > > file
> >
> > or
> >
> > > directory: exec of '/var/www/html/
> >
> > angrynates.com/global_solutions/index.py'
> >
> > > failed
> > > [Fri Nov 06 12:56:20 2009] [error] [client 67.96.172.81] Premature end
> > > of script headers: index.py
> > > [Fri Nov 06 13:52:15 2009] [error] [client 66.249.67.153] File does not
> > > exist: /var/www/html/angrynates.com/robots.txt
> > > [Fri Nov 06 13:52:52 2009] [error] [client 208.84.198.58] (2)No such
> > > file or directory: exec of
> > >  '/var/www/html/angrynates.com/global_solutions/index.py' failed,
> >
> > referer:
> > >  http://angrynates.com/global_solutions/
> > > [Fri Nov 06 13:52:52 2009] [error] [client 208.84.198.58] Premature end
> >
> > of
> >
> > > script headers: index.py, referer:
> >
> > http://angrynates.com/global_solutions/
> >
> > > [Fri Nov 06 13:52:52 2009] [error] [client 208.84.198.58] File does not
> > > exist: /var/www/html/angrynates.com/favicon.ico
> > > [Fri Nov 06 13:52:53 2009] [error] [client 208.84.198.58] File does not
> > > exist: /var/www/html/angrynates.com/favicon.ico
> > > [root at 13gems etc]#
> > >
> > > Please help.
> > > Victor
> >
> > Can we see the output of 'ls -lZ' and 'fixfiles check' on those
> > directories,
> > and see what the Apache (httpd.conf or .htaccess) configuration is for
> > them?
> >
> > ----
> > Rami Chowdhury
> > "Passion is inversely proportional to the amount of real information
> > available." -- Benford's Law of Controversy
> > 408-597-7068 (US) / 07875-841-046 (UK) / 0189-245544 (BD)
> 


----
Rami Chowdhury
"Strangers are just friends who haven't had enough gin." -- Howdle's Saying
408-597-7068 (US) / 07875-841-046 (UK) / 0189-245544 (BD)

More information about the Python-list mailing list