xisto Community
jedipi

Strange Opendir Problem does not work for /home directory


The following is the content of my test.cgi.
Permission is 777.

#!/usr/bin/perl
# Send the CGI header, then try to open the directory named in $ss.
print "Content-type: text/plain\n\n";
$ss = "/home";
if (opendir(DIR, $ss)) {
    print "open $ss ok\n";
} else {
    print "fail open $ss !\n";
}


After running this script, the result is: fail open /home !

It works if I change the value of $ss from /home to /tmp.

Why does it not work when the value of $ss is /home??
How can I make it work for /home directory??

Please help. Thank you.


Maybe your home directory permissions are not readable, or the dir belongs to root or something? Try to connect to FTP through PHP and open the dir; more about it here:

ftp connect

Oh darn, only now I remember that your script is a CGI/Perl script. Anyway, if you include a PHP file through CGI the server will still parse it.

<!--#include virtual="/open.php" -->

Anyway, I don't know much of this language; maybe you have something native :)


I did a test on RHEL, but it failed. It is the same problem: the /home directory cannot be accessed. But why??? :) Even when the permission is set to 777, it just does not work. Is it anything to do with the settings of Apache??? I did not change any settings of my Apache server. The default settings are used.


I assume you are using the Perl script through a web server, possibly Apache???

For security reasons, Apache runs as user "nobody". nobody doesn't have a /home and so does not have access. This prevents a compromised web server getting access to usernames (stored in /home). nobody DOES have access to /tmp, however.

You could change the access rights to /home, but I would not recommend this. Just re-think whatever you are trying to accomplish, and re-design it to work more securely.


After a few days, the problem was finally fixed. My friend just told me to disable SELinux. After SELinux was disabled, the test script ran well.

To qwijibow: you are quite right. I should design my script to work more securely. However, I just started to learn Perl about two weeks ago. I will spend more time on it. Thanks for your help.


I've written a guide on making SELinux co-operate with Apache. It's not really a good idea to disable SELinux, so I looked for a method to work with it.

You'll want to look up the "chcon" command (change security context) and you may want to use "ls -Z" to display what you need altered or to show you if it's correct.

chcon -t httpd_sys_content_t -R $HOME/public_html

Say in your /home/UserName/ directory you have a directory called public_html. The command issued above will make all directories, sub-directories and files allow access for httpd (Apache) to be able to use public_html, as we specifically made it contain system content that Apache is allowed to view.

httpd_sys_exec_script_t should be set on all cgi/perl scripts as well as the cgi-bin directory.

Have a look at This Post for more information and better ways of setting permissions on your directories.

There could be more of these httpd_sys_ prefixed contexts, but the top two are the most common and most likely ones you'll ever need. I've not used any other context than these two on my own personal servers.

This should hopefully get you comfortable with SELinux.


Cheers,


MC
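Added example, not part of MC's post or the guide it mentions: a shell helper for the `ls -Z` check described above. It reads `ls -Z` output and lists the entries whose SELinux type is not one of the types you pass in, so you can see what `chcon` still has to relabel; the function names, the user `alice`, the file names and the sample listing are all constructed for illustration.

```shell
#!/bin/sh
# Added example: report entries whose SELinux type is not in an allowed list.
# Input: `ls -Z` lines on stdin (not `ls -lZ`), in either layout:
#   older:  mode user group user:role:type name
#   newer:  user:role:type:level name
# Arguments: the SELinux types that are acceptable for this directory.
mislabeled() {
    awk -v allowed="$*" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
        ctx = ""; name = ""
        # The context is the first field shaped like user:role:type[:level].
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^[^:]+:[^:]+:[^:]+(:.*)?$/) {
                ctx = $i
                # Everything after the context is the file name (may contain spaces).
                name = $(i + 1)
                for (j = i + 2; j <= NF; j++) name = name " " $j
                break
            }
        }
        if (ctx == "") next          # "total N", blank lines, unlabeled entries
        split(ctx, part, ":")        # part[3] is the type
        if (!(part[3] in ok)) print part[3] "\t" name
    }'
}

# Constructed sample of `ls -Z` output for a public_html tree (both layouts).
sample_listing() {
    cat <<'EOF'
drwxr-xr-x  alice alice system_u:object_r:httpd_sys_content_t public_html
-rw-r--r--  alice alice user_u:object_r:user_home_t notes.txt
-rwxr-xr-x  alice alice system_u:object_r:httpd_sys_script_exec_t test.cgi
unconfined_u:object_r:user_home_t:s0 upload dir
EOF
}

# Prints one "type<TAB>name" line per entry that httpd would be denied on.
# httpd_sys_script_exec_t is the CGI script type name in the reference policy.
sample_listing | mislabeled httpd_sys_content_t httpd_sys_script_exec_t
```

On a real system, pipe `ls -Z $HOME/public_html` into `mislabeled` instead of the sample.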

