Re: Serious Privileges Problem: Please Help
by Victor Subervi other posts by this author
Nov 8 2009 12:00AM messages near this date
Re: Serious Privileges Problem: Please Help
|
Re: Serious Privileges Problem: Please Help
restorecon didn't change ls -lZ output
Can you give me the exact command for chcon? It complains there are too few
arguments, and I couldn't figure it out.
Does this really matter? I moved the selinux folder and its contents as well
as sent an "echo 0> ..." command to kill it. Furthermore,
[root@13gems global_solutions]# ps wax|grep selinux
17645 pts/0 S+ 0:00 grep selinux
Please advise.
V
On Sat, Nov 7, 2009 at 5:49 PM, Rami Chowdhury <rami.chowdhury@[...].com> wrote:
>
> On Saturday 07 November 2009 13:51:06 Victor Subervi wrote:
> > httpd.conf:
> >
> > <VirtualHost *:80>
> > ServerAdmin me@[...].vi
> > DocumentRoot /var/www/html/angrynates.com
> > ServerName angrynates.com
> > Options +ExecCGI -IncludesNoExec
> > <Directory /var/www/html/angrynates.com/global_solutions/*>
>
> You may want to change this to:
> <Directory /var/www/html/angrynates.com/global_solutions>
>
> If you want regular expression syntax, I would advise using the syntax
> <Directory ~ EXPRESSION>
> or
> <DirectoryMatch ~ EXPRESSION>
>
> > #ls -lZ
> > drwxr-xr-x root root 1024
> > drwxr-xr-x root root 1132
> > drwxr-xr-x root root 1255
> [snip]
>
> It looks like you don't have *any* SELinux context information; if SELinux
> is
> on, this will cause problems. Try using the 'restorecon' command to put the
> defaults in place, and consider using 'chcon' to change the security
> context
> to an appropriate one (I believe you want something like
> 'unconfined_u:object_r:httpd_sys_content_t' for Apache content).
>
> >
> > On Sat, Nov 7, 2009 at 4:09 PM, Rami Chowdhury
> <rami.chowdhury@[...].com>wrote:
> > > On Saturday 07 November 2009 06:13:11 Victor Subervi wrote:
> > > > I have a serious privileges problem that is making it impossible to
> > > > serve python pages on a CentOS server. It appears that nobody on the
> > > > CentOS discussion list has a solution to this problem. I'm desperate
> > > > and hoping someone on this list can help.
> > > >
> > > > [Fri Nov 06 11:50:40 2009] [error] [client 66.248.168.98] (2)No such
> > > > file or directory: exec of
> > > > '/var/www/html/angrynates.com/global_solutions/index.py' failed,
> > >
> > > referer:
> > > > http://angrynates.com/global_solutions/
> > > > [Fri Nov 06 11:50:40 2009] [error] [client 66.248.168.98] Premature
> end
> > >
> > > of
> > >
> > > > script headers: index.py, referer:
> > >
> > > http://angrynates.com/global_solutions/
> > >
> > > > Now, the file does exist:
> > > >
> > > > [root@13gems global_solutions]# pwd
> > > > /var/www/html/angrynates.com/global_solutions
> > > > [root@13gems global_solutions]# ls
> > > > ....
> > > > -rwxr-xr-x 1 victor victor 275 Nov 6 07:05 index.py
> > > > ....
> > > > and it serves just fine on another server, so there is no "premature
> > > > end
> > >
> > > of
> > >
> > > > script headers".
> > > >
> > > >
> > > > Here's where it gets really weird. If I copy the code for index.py
> and
> > > > template.py which the former calls, and create files test.py and
> > > > test2.py and paste the code from the former files in those new files
> > > > changing only the import statement from "template" to "test2", the
> > > > tests will resolve!! Now, the ownership and mode are identical on all
> > > > of them!!
> > > >
> > > >
> > > > [root@13gems global_solutions]# ls -al | grep test.py
> > > > -rwxr-xr-x 1 root root 298 Nov 6 12:24 test.py
> > > > [root@13gems global_solutions]# ls -al | grep test2.py
> > > > -rwxr-xr-x 1 root root 5716 Nov 6 12:25 test2.py
> > > > [root@13gems global_solutions]# ls -al | grep index.py
> > > > -rwxr-xr-x 1 root root 316 Nov 6 07:05 index.py
> > > > [root@13gems global_solutions]# ls -al | grep template.py
> > > > -rwxr-xr-x 1 root root 5806 Nov 6 07:06 template.py
> > > > -rwxr-xr-x 1 root root 6093 Nov 6 07:06 template.pyc
> > > >
> > > > where test.py is identical to index.py (other than the necessary
> > > > import) and template is identical to test2.py
> > > >
> > > >
> > > > fixfiles relabel /var/www/html
> > > > # might just work
> > > > It didn't
> > > >
> > > > touch /.autorelabel
> > > > # and then reboot will relabel all copied files to the correct
> contexts
> > >
> > > for
> > >
> > > > the location
> > > > I rebooted apache with no luck
> > > >
> > > > or you could turn off SELinux and reboot
> > > > I did that and the following two solutions with no luck:
> > > > echo 0 >/selinux/enforce
> > > >
> > > > [root@13gems ~]# cd /etc/
> > > > [root@13gems etc]# mv selinux/ selinux.BAK
> > > > [root@13gems etc]# mkdir selinux
> > > > [root@13gems etc]# echo 0>/selinux/enforce
> > > >
> > > > ...and the problem continues:
> > > > [root@13gems etc]# tail /var/log/httpd/error_log
> > > > [Fri Nov 06 12:51:49 2009] [error] [client 66.248.168.98] Premature
> end
> > >
> > > of
> > >
> > > > script headers: index.py, referer:
> > >
> > > http://angrynates.com/global_solutions/
> > >
> > > > [Fri Nov 06 12:56:18 2009] [error] [client 66.248.168.98] (2)No such
> > > > file or directory: exec of
> > > > '/var/www/html/angrynates.com/global_solutions/index.py' failed,
> > >
> > > referer:
> > > > http://angrynates.com/global_solutions/
> > > > [Fri Nov 06 12:56:18 2009] [error] [client 66.248.168.98] Premature
> end
> > >
> > > of
> > >
> > > > script headers: index.py, referer:
> > >
> > > http://angrynates.com/global_solutions/
> > >
> > > > [Fri Nov 06 12:56:20 2009] [error] [client 67.96.172.81] (2)No such
> > > > file
> > >
> > > or
> > >
> > > > directory: exec of '/var/www/html/
> > >
> > > angrynates.com/global_solutions/index.py'
> > >
> > > > failed
> > > > [Fri Nov 06 12:56:20 2009] [error] [client 67.96.172.81] Premature
> end
> > > > of script headers: index.py
> > > > [Fri Nov 06 13:52:15 2009] [error] [client 66.249.67.153] File does
> not
> > > > exist: /var/www/html/angrynates.com/robots.txt
> > > > [Fri Nov 06 13:52:52 2009] [error] [client 208.84.198.58] (2)No such
> > > > file or directory: exec of
> > > > '/var/www/html/angrynates.com/global_solutions/index.py' failed,
> > >
> > > referer:
> > > > http://angrynates.com/global_solutions/
> > > > [Fri Nov 06 13:52:52 2009] [error] [client 208.84.198.58] Premature
> end
> > >
> > > of
> > >
> > > > script headers: index.py, referer:
> > >
> > > http://angrynates.com/global_solutions/
> > >
> > > > [Fri Nov 06 13:52:52 2009] [error] [client 208.84.198.58] File does
> not
> > > > exist: /var/www/html/angrynates.com/favicon.ico
> > > > [Fri Nov 06 13:52:53 2009] [error] [client 208.84.198.58] File does
> not
> > > > exist: /var/www/html/angrynates.com/favicon.ico
> > > > [root@13gems etc]#
> > > >
> > > > Please help.
> > > > Victor
> > >
> > > Can we see the output of 'ls -lZ' and 'fixfiles check' on those
> > > directories,
> > > and see what the Apache (httpd.conf or .htaccess) configuration is for
> > > them?
> > >
> > > ----
> > > Rami Chowdhury
> > > "Passion is inversely proportional to the amount of real information
> > > available." -- Benford's Law of Controversy
> > > 408-597-7068 (US) / 07875-841-046 (UK) / 0189-245544 (BD)
> >
>
>
> ----
> Rami Chowdhury
> "Strangers are just friends who haven't had enough gin." -- Howdle's Saying
> 408-597-7068 (US) / 07875-841-046 (UK) / 0189-245544 (BD)
>
Thread:
Victor Subervi
Rami Chowdhury
Scott David Daniels
Victor Subervi
Dave Angel
Victor Subervi
Rami Chowdhury
Victor Subervi
Victor Subervi
Rami Chowdhury
Victor Subervi
Rami Chowdhury
Victor Subervi
Rami Chowdhury
Simon Forman
Victor Subervi
Rami Chowdhury
Victor Subervi
Rami Chowdhury
|
