With a little side of applesauce...

Thursday, February 1, 2007

Greenstone on Fedora Core 4 (SELinux causing issues with CGI scripts)

When I take the default installs that place the cgi-bin in /usr/local/gsdl/cgi-bin, I am unable to execute the script. The /var/log/httpd/error_log reports:

[Sat Mar 11 23:48:11 2006] [error] [client 127.0.0.1] (13)Permission denied: exec of ‘/usr/local/gsdl/cgi-bin/library’ failed
[Sat Mar 11 23:48:11 2006] [error] [client 127.0.0.1] Premature end of script headers: library

I add the following to my /etc/httpd/conf/httpd.conf file as directed:

 ScriptAlias /cgi-bin/ "/usr/local/gsdl/cgi-bin/"   AllowOverride None Options None Order allow,deny Allow from all  

And an ls -l of the directory shows that permissions should be ok:

[root@localhost cgi-bin]# ls -l
total 3544
-rw-r–r– 1 apache apache 210195 Mar 11 23:23 CGI.pm
-rw-r–r– 1 apache apache 90 Mar 11 23:23 getior
-rwxr-xr-x 1 apache apache 26986 Mar 11 23:23 gliserver.pl
-rw-r–r– 1 apache apache 5426 Mar 11 23:23 gsdlCGI.pm
-rw-r–r– 1 apache apache 1132 Mar 11 23:44 gsdlsite.cfg
-rwxr-xr-x 1 apache apache 2119460 Mar 11 23:43 library
-rwxr-xr-x 1 apache apache 1171468 Mar 11 23:44 oaiserver
-rw-r–r– 1 apache apache 3240 Mar 11 23:23 perl.cgi
-rw-r–r– 1 apache apache 3195 Mar 11 23:23 readresults.cgi
-rw-r–r– 1 apache apache 1337 Mar 11 23:23 trackreport.cgi
-rw-r–r– 1 apache apache 3716 Mar 11 23:23 usabcgi.pm

Apparently, SELinux is causing this issue. The temporary fix was to run:

[root@localhost cgi-bin]# su -
[root@localhost ~]# setenforce 0

According to this post https://www.redhat.com/archives/fedora-list/2005-November/msg00410.html, you can set it permanently by making the following changes in the /etc/selinux/config:

SELINUX=enforcing

To:

SELINUX=permissive

And, rebooting. I haven’t tested this change, but will comment if it does.

No comments: