Re: apache

[Jonathan Berry <berryja gmail com>]

On Mon, 28 Feb 2005 14:02:05 -0600, Edwards, Thomas W.
<TWEdwards cimplify net> wrote:
> 
> Sorry bout the html.
> 
> And yes that did the trick, when I added selinux=0 to the grub.conf
> file.
> 
> Any clue why that would happen?  How would it affect cgi from diff
> directories and not the normal dir?
> 
> And I don't recall seeing messages pertaining to selinux in the logs
> 
> Just denied access, thought it was permissions.

That's exactly what SELinux does, it keeps scripts that aren't where
they are supposed to be from executing.  This is so a hacker can't
stick a script in /tmp/ and run it and do whatever he wants with your
box.  If there are certain directories that you want to also put
scripts in, notice the (SELinux) permissions on /var/www/cgi-bin and
change the permissions on the other directories to be the same.
$ ls -Z /var/www/
drwxr-xr-x  root     root     system_u:object_r:httpd_sys_script_exec_t cgi-bin

I highly recommend looking over at least the SELinux FAQ:
http://fedora.redhat.com/docs/selinux-faq-fc3/ and take a look at "man
chcon"
This should be very familiar to the setting up public_html
directories.  Of course, the easiest thing to do is to just put all of
your scripts in /var/www/cgi-bin/ if there is no reason not to.

Jonathan