I installed a new CentOS 7 x86_64 LAMP server today.
I compiled a simple CGI script in C and called it test.cgi, and I enabled the AddHandler for .cgi scripts. However, every time I try to load the /test.cgi page from my /var/www/html directory, any simple .cgi script throws a 500 Internal Server Error page.
I tested that the script works fine from the /var/www/cgi-bin directory. My server is running SELinux, and Apache/httpd is using suEXEC.
EDIT: Also, I didn't create any extra users after the LAMP installation, so I'm using root to do everything for now. However, I tried to fix it by giving ownership of the /var/www/html directory to the apache user; sadly, that didn't fix it.
Here's the error log; as you can see, it gives me a 'Permission Denied' error:
[Mon Jul 21 15:28:14.336626 2014] [core:notice] [pid 22704] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Mon Jul 21 15:28:14.339766 2014] [suexec:notice] [pid 22704] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Jul 21 15:28:14.495631 2014] [auth_digest:notice] [pid 22704] AH01757: generating secret for digest authentication ...
[Mon Jul 21 15:28:14.498690 2014] [lbmethod_heartbeat:notice] [pid 22704] AH02282: No slotmem from mod_heartmonitor
[Mon Jul 21 15:28:14.765072 2014] [mpm_prefork:notice] [pid 22704] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16 configured -- resuming normal operations
[Mon Jul 21 15:28:14.765186 2014] [core:notice] [pid 22704] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Mon Jul 21 15:28:16.027553 2014] [cgi:error] [pid 22706] [client 192.168.0.68:52930] AH01215: (13)Permission denied: exec of '/var/www/html/index.cgi' failed
[Mon Jul 21 15:28:16.030595 2014] [cgi:error] [pid 22706] [client 192.168.0.68:52930] End of script output before headers: index.cgi
[Mon Jul 21 15:45:01.586229 2014] [mpm_prefork:notice] [pid 22704] AH00170: caught SIGWINCH, shutting down gracefully
This is my /var/www/html apache config:
<Directory "/var/www/html">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options ExecCGI FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride All
#
# Controls who can get stuff from this server.
#
Require all granted
</Directory>
And of course I activated CGI using: AddHandler cgi-script .cgi .pl
This is my simple test.c file:
#include <stdio.h>
int main(void) {
    /* puts() appends its own newline, which yields the blank line that ends the CGI headers */
    puts("Content-Type: text/html; charset=ISO-8859-1\n");
    fputs("Hello, World!", stdout);
    return 0;
}
The output is correct: Content-Type: text/html; charset=ISO-8859-1\n\nHello, World!
Also, I compiled it with gcc and then gave permissions 777 to test.cgi. Do you know what I need to do to fix this?
Thanks in advance, Zorgatone
I'm not sure if this is a viable solution for you, but I got it working by changing SELinux to permissive. Here are the steps in case you're interested.
Change the following line:
to:
I just solved it by reinstalling the server and doing it all over again. I disabled SELinux and iptables, because I already have an external firewall.
Thanks to anyone who helped me out ;)
This is most likely an SELinux issue (Tom Sweeney's answer provides a solution that uses permissive SELinux, and your own accepted answer indicates disabling SELinux entirely). An alternative approach is to configure appropriate SELinux types for your CGI files (and possibly other policy changes).
To start off, install the SELinux Policy Management tool (if not already done):
Assuming you want to permit all CGI-based files in your /var/www/html directory, you can use the following command to apply the httpd_sys_script_exec_t context to your current and future CGI files:
Next, restore the content for any existing CGI files:
You will also need to permit Apache to allow CGI scripts to be executed using the following:
You should be done. Note that if your CGI scripts need to read/write content from other files in your system, you'll have to also apply the httpd_sys_rw_content_t context to those files as well (see below for an example).
Just experienced this issue attempting to install Bugzilla (which uses CGI) on a CentOS 7 (x86_64) system. The following error was observed when monitoring my httpd error log (sudo tail -f /var/log/httpd/error_log):
Examining the contexts applied to my Bugzilla installation, I see the following:
I then use the following commands to permit execution for Bugzilla's CGI scripts as well as access for said CGI scripts to read content inside the ./data directory:
Examining the applied contexts shows the desired results:
Bugzilla should be usable now. There may be additional policies to apply for all capabilities provided by Bugzilla; however, I don't know whether any additional policies are required.
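The labeling approach described in the last answer, as an added example that is not part of the original posts: a shell script that reads httpd error_log lines like those in the question and prints the semanage, restorecon and setsebool commands for the affected directory. The file-context regex, the function names and the third log line are assumptions made for this example; the commands are printed for review, not executed.

```shell
#!/bin/sh
# Added example (not from the original answers): build an SELinux labeling plan
# from httpd "exec ... failed" denials instead of disabling SELinux.
# Assumptions: the file-context regex below; on CentOS 7 semanage comes from
# the policycoreutils-python package.

# Constructed sample input, modelled on the error_log in the question.
sample_log() {
cat <<'EOF'
[Mon Jul 21 15:28:16.027553 2014] [cgi:error] [pid 22706] [client 192.168.0.68:52930] AH01215: (13)Permission denied: exec of '/var/www/html/index.cgi' failed
[Mon Jul 21 15:28:16.030595 2014] [cgi:error] [pid 22706] [client 192.168.0.68:52930] End of script output before headers: index.cgi
[Mon Jul 21 15:29:40.101010 2014] [cgi:error] [pid 22707] [client 192.168.0.68:52931] AH01215: (13)Permission denied: exec of '/var/www/html/test.cgi' failed
EOF
}

# stdin: error_log. stdout: unique directories holding CGI scripts whose exec
# was denied. Log text is untrusted, so any path outside a conservative
# character set is dropped rather than quoted into a command.
denied_cgi_dirs() {
    sed -n "s|.*AH01215: (13)Permission denied: exec of '\(/.*\)/[^/]*' failed.*|\1|p" |
        grep -E '^/[A-Za-z0-9_./-]+$' | sort -u
}

# stdin: error_log. stdout: commands to review and then run as root.
# Returns 1 when the log contains no usable denial.
selinux_cgi_plan() {
    dirs=$(denied_cgi_dirs)
    [ -n "$dirs" ] || return 1
    echo "$dirs" | while IFS= read -r d; do
        # Persistent rule for current and future *.cgi files under $d ...
        printf "semanage fcontext -a -t httpd_sys_script_exec_t '%s%s'\n" "$d" '/.*\.cgi'
        # ... and relabel the files that already exist.
        printf "restorecon -Rv '%s'\n" "$d"
    done
    # Boolean that lets httpd run CGI scripts at all.
    echo "setsebool -P httpd_enable_cgi 1"
}

# Print the plan for the sample log; nothing is executed.
sample_log | selinux_cgi_plan
```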