Serious Privileges Problem: Please Help

Victor Subervi victorsubervi at gmail.com
Sun Nov 8 02:59:23 EST 2009 

restorecon didn't change ls -lZ output
Can you give me the exact command for chcon? It complains there are too few
arguments, and I couldn't figure it out.
Does this really matter? I moved the selinux folder and its contents as well
as sent an "echo 0>..." command to kill it. Furthermore,
[root at 13gems global_solutions]# ps wax|grep selinux
17645 pts/0    S+     0:00 grep selinux
Please advise.
V

On Sat, Nov 7, 2009 at 5:49 PM, Rami Chowdhury <rami.chowdhury at gmail.com>wrote:

>
> On Saturday 07 November 2009 13:51:06 Victor Subervi wrote:
> > httpd.conf:
> >
> > <VirtualHost *:80>
> > ServerAdmin me at creative.vi
> > DocumentRoot /var/www/html/angrynates.com
> > ServerName angrynates.com
> > Options +ExecCGI -IncludesNoExec
> > <Directory /var/www/html/angrynates.com/global_solutions/*>
>
> You may want to change this to:
>         <Directory /var/www/html/angrynates.com/global_solutions>
>
> If you want regular expression syntax, I would advise using the syntax
>        <Directory ~ EXPRESSION>
> or
>        <DirectoryMatch ~ EXPRESSION>
>
> > #ls -lZ
> > drwxr-xr-x  root root                                  1024
> > drwxr-xr-x  root root                                  1132
> > drwxr-xr-x  root root                                  1255
> [snip]
>
> It looks like you don't have *any* SELinux context information; if SELinux
> is
> on, this will cause problems. Try using the 'restorecon' command to put the
> defaults in place, and consider using 'chcon' to change the security
> context
> to an appropriate one (I believe you want something like
> 'unconfined_u:object_r:httpd_sys_content_t' for Apache content).
>
> >
> > On Sat, Nov 7, 2009 at 4:09 PM, Rami Chowdhury
> <rami.chowdhury at gmail.com>wrote:
> > > On Saturday 07 November 2009 06:13:11 Victor Subervi wrote:
> > > > I have a serious privileges problem that is making it impossible to
> > > > serve python pages on a CentOS server. It appears that nobody on the
> > > > CentOS discussion list has a solution to this problem. I'm desperate
> > > > and hoping someone on this list can help.
> > > >
> > > > [Fri Nov 06 11:50:40 2009] [error] [client 66.248.168.98] (2)No such
> > > > file or directory: exec of
> > > >  '/var/www/html/angrynates.com/global_solutions/index.py' failed,
> > >
> > > referer:
> > > >  http://angrynates.com/global_solutions/
> > > > [Fri Nov 06 11:50:40 2009] [error] [client 66.248.168.98] Premature
> end
> > >
> > > of
> > >
> > > > script headers: index.py, referer:
> > >
> > > http://angrynates.com/global_solutions/
> > >
> > > > Now, the file does exist:
> > > >
> > > > [root at 13gems global_solutions]# pwd
> > > > /var/www/html/angrynates.com/global_solutions
> > > > [root at 13gems global_solutions]# ls
> > > > ....
> > > > -rwxr-xr-x 1 victor victor 275 Nov 6 07:05 index.py
> > > > ....
> > > > and it serves just fine on another server, so there is no "premature
> > > > end
> > >
> > > of
> > >
> > > > script headers".
> > > >
> > > >
> > > > Here's where it gets really weird. If I copy the code for index.py
> and
> > > > template.py which the former calls, and create files test.py and
> > > > test2.py and paste the code from the former files in those new files
> > > > changing only the import statement from "template" to "test2", the
> > > > tests will resolve!! Now, the ownership and mode are identical on all
> > > > of them!!
> > > >
> > > >
> > > > [root at 13gems global_solutions]# ls -al | grep test.py
> > > > -rwxr-xr-x 1 root root 298 Nov 6 12:24 test.py
> > > > [root at 13gems global_solutions]# ls -al | grep test2.py
> > > > -rwxr-xr-x 1 root root 5716 Nov 6 12:25 test2.py
> > > > [root at 13gems global_solutions]# ls -al | grep index.py
> > > > -rwxr-xr-x 1 root root 316 Nov 6 07:05 index.py
> > > > [root at 13gems global_solutions]# ls -al | grep template.py
> > > > -rwxr-xr-x 1 root root 5806 Nov 6 07:06 template.py
> > > > -rwxr-xr-x 1 root root 6093 Nov 6 07:06 template.pyc
> > > >
> > > > where test.py is identical to index.py (other than the necessary
> > > > import) and template is identical to test2.py
> > > >
> > > >
> > > > fixfiles relabel /var/www/html
> > > > # might just work
> > > > It didn't
> > > >
> > > > touch /.autorelabel
> > > > # and then reboot will relabel all copied files to the correct
> contexts
> > >
> > > for
> > >
> > > > the location
> > > > I rebooted apache with no luck
> > > >
> > > > or you could turn off SELinux and reboot
> > > > I did that and the following two solutions with no luck:
> > > > echo 0 >/selinux/enforce
> > > >
> > > > [root at 13gems ~]# cd /etc/
> > > > [root at 13gems etc]# mv selinux/ selinux.BAK
> > > > [root at 13gems etc]# mkdir selinux
> > > > [root at 13gems etc]# echo 0>/selinux/enforce
> > > >
> > > > ...and the problem continues:
> > > > [root at 13gems etc]# tail /var/log/httpd/error_log
> > > > [Fri Nov 06 12:51:49 2009] [error] [client 66.248.168.98] Premature
> end
> > >
> > > of
> > >
> > > > script headers: index.py, referer:
> > >
> > > http://angrynates.com/global_solutions/
> > >
> > > > [Fri Nov 06 12:56:18 2009] [error] [client 66.248.168.98] (2)No such
> > > > file or directory: exec of
> > > >  '/var/www/html/angrynates.com/global_solutions/index.py' failed,
> > >
> > > referer:
> > > >  http://angrynates.com/global_solutions/
> > > > [Fri Nov 06 12:56:18 2009] [error] [client 66.248.168.98] Premature
> end
> > >
> > > of
> > >
> > > > script headers: index.py, referer:
> > >
> > > http://angrynates.com/global_solutions/
> > >
> > > > [Fri Nov 06 12:56:20 2009] [error] [client 67.96.172.81] (2)No such
> > > > file
> > >
> > > or
> > >
> > > > directory: exec of '/var/www/html/
> > >
> > > angrynates.com/global_solutions/index.py'
> > >
> > > > failed
> > > > [Fri Nov 06 12:56:20 2009] [error] [client 67.96.172.81] Premature
> end
> > > > of script headers: index.py
> > > > [Fri Nov 06 13:52:15 2009] [error] [client 66.249.67.153] File does
> not
> > > > exist: /var/www/html/angrynates.com/robots.txt
> > > > [Fri Nov 06 13:52:52 2009] [error] [client 208.84.198.58] (2)No such
> > > > file or directory: exec of
> > > >  '/var/www/html/angrynates.com/global_solutions/index.py' failed,
> > >
> > > referer:
> > > >  http://angrynates.com/global_solutions/
> > > > [Fri Nov 06 13:52:52 2009] [error] [client 208.84.198.58] Premature
> end
> > >
> > > of
> > >
> > > > script headers: index.py, referer:
> > >
> > > http://angrynates.com/global_solutions/
> > >
> > > > [Fri Nov 06 13:52:52 2009] [error] [client 208.84.198.58] File does
> not
> > > > exist: /var/www/html/angrynates.com/favicon.ico
> > > > [Fri Nov 06 13:52:53 2009] [error] [client 208.84.198.58] File does
> not
> > > > exist: /var/www/html/angrynates.com/favicon.ico
> > > > [root at 13gems etc]#
> > > >
> > > > Please help.
> > > > Victor
> > >
> > > Can we see the output of 'ls -lZ' and 'fixfiles check' on those
> > > directories,
> > > and see what the Apache (httpd.conf or .htaccess) configuration is for
> > > them?
> > >
> > > ----
> > > Rami Chowdhury
> > > "Passion is inversely proportional to the amount of real information
> > > available." -- Benford's Law of Controversy
> > > 408-597-7068 (US) / 07875-841-046 (UK) / 0189-245544 (BD)
> >
>
>
> ----
> Rami Chowdhury
> "Strangers are just friends who haven't had enough gin." -- Howdle's Saying
> 408-597-7068 (US) / 07875-841-046 (UK) / 0189-245544 (BD)
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-list/attachments/20091108/65121aef/attachment-0001.html>

More information about the Python-list mailing list