henric at digitalroutes
May 9, 2008, 6:34 AM
Post #1 of 5
(108 views)
Permalink
|
|
Apache2+NFS+LDAP+CGI issue
|
|
Hi,
I've got a problem with Apache 2 + NFS + LDAP + CGI's. My setup is as follows:
Machine 1: NFS & LDAP server (web storage is mounted from this volume)
Machine 2: Apache 2.2.8
Machine 3: Apache 2.2.8
Machine 4: Apache 2.2.8
There is also a few other machines in the cluster, but they're
irrelevant to this problem (SQL servers, etc). All the machines run
Linux (Debian testing) 2.6.24.6 at the moment.
NFS:
The web root is mounted from machine 1 on machines 2 through 4. I'm
using the NFS kernel server V3. The export has got:
/www 10.0.0.7(rw,sync,subtree_check,no_root_squash,no_all_squash)
The mount(s) have got:
10.0.0.6:/www /www nfs rw,hard,intr,user,tcp 0 0
I have verified I can copy files to and from the NFS share from the
clients (2-4). I can also su to the apache user (apache) on the client
and run perl scripts from within the NFS shared directories, the same
goes for su'ing to any specific user and running the scripts as the
user. The apache user is the same across machine 2-4 as it's pulled in
via LDAP.
Apache:
Sample virtual host configuration:
<VirtualHost 209.172.X.X:80>
ServerName DOMAIN.co.uk
ServerAlias *.DOMAIN.co.uk
ScriptAlias /scripts/ /www/advice114/scripts/
AddType application/x-httpd-php .php
DocumentRoot /www/advice114/html
ErrorDocument 404 /scripts/common/404.pl
RewriteEngine on
RewriteOptions inherit
</VirtualHost>
Suexec is not enabled. Perl is 5.8.8 from apt. perl-suid is installed.
I do authentication via openldap & pam (slapd server-side) which is
working problem free from machine 2-4. Web 2-4 have only got
administrative accounts on them, but pulls in the web user accounts no
problem (also tested enabling shell for one and logged in no
problems).
The problem:
I can't run perl scripts for the life of me. I get the following error
in the error log and that's it:
[Fri May 09 14:05:39 2008] [error] [client 83.104.229.109]
(13)Permission denied: exec of '/www/advice120/scripts/rand_img01.pl'
failed
but:
web2:/usr/local/apache2/logs# ls -la /home2/advice120/scripts/rand_img01.pl
-r-xr-xr-x 1 advice120 advice120 1306 2008-05-07 12:48
/home2/advice120/scripts/rand_img01.pl
Output from ldapsearch (# lines cropped):
web2:/usr/local/apache2/logs# ldapsearch -x uid=advice120
dn: uid=advice120,ou=People,dc=X,dc=co,dc=uk
uid: advice120
cn: advice120
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/sftpsh
uidNumber: 8497
gidNumber: 8497
homeDirectory: /www/advice120
gecos: ,X
search: 2
result: 0 Success
Anyone have any idea why my perl cgi's won't execute? I think I've
tried everything I can think of, I've read docs, I've JFGI'ed it, and
no avail. The script can be read and executed on the server as the
correct user, but apache won't do it. Is this a problem with Apache <>
LDAP for getting permissions? :(
if anyone needs any more info I can supply virtually any info you need
re; the setup. thanks for your time!
--
Henric Blomgren
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
" from the digest: users-digest-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: users-help[at]httpd.apache.org
|
