Всем здрасте! Давненько уже перетащил Апач с php в chroot, но вот недавно понадобился и CGI Perl. Перетащил в chroot всё, что с ним связано, тестирую на примере test.pl, который содержит:
------test.pl----------------------------
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print "Hello!";
------test.pl----------------------------
#chroot /var/chroot/httpd /var/www/cgi-bin/test.pl
В ответ:
>Content-type: text/html
>
>Hello!
То бишь всё чудесно.
Однако когда пытаюсь увидеть это заветное слово Hello! в Фаерфоксе, получаю Internal Server Error.
В логах:
......
[Wed Aug 10 16:51:37 2005] [error] [client 192.168.0.3] (13)Permission denied: exec of '/var/www/cgi-bin/test.pl' failed
[Wed Aug 10 16:51:37 2005] [error] [client 192.168.0.3] Premature end of script headers: test.pl
......
Сайт в httpd.conf прописан как VirtualHost. Здесь:
......
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
AddHandler cgi-script .cgi .pl
<Directory "/var/www/cgi-bin">
AllowOverride None
Options Indexes FollowSymLinks
Order allow,deny
Allow from all
</Directory>
......
Права на скрипт:
#ls -l cgi-bin|grep test
-rwxrwxrwx 1 apache apache 73 Авг 5 16:59 test.pl
Уже и mod_suexec отключал, но ситуация та же :(. Уж не знаю, что и делать. Может, кто подскажет? Буду весьма признателен.
>#chroot /var/chroot/httpd /var/www/cgi-bin/test.pl
Есть ли у апача права на вход в /var/www/cgi-bin, /var/www... ? Может, одна из директорий в пути недоступна для apache.
Положи strace в chroot, и запусти
chroot /var/chroot/httpd strace /usr/bin/perl /var/www/cgi-bin/test.pl
Спасибо за помощь, но опять же результатов нет :-(
>Есть ли права для апача для входа в /var/www/cgi-bin, /var/www... ? Может
>одна из директорий в пути недоступна для apache.
[root@tux var]# ls www
drwxr-xr-x 6 root root 144 Апр 21 16:40 ./
drwxr-xr-x 8 root root 192 Май 5 16:45 ../
drwxr-xr-x 2 root root 72 Авг 10 16:58 cgi-bin/
drwxr-xr-x 3 root root 1,1K Апр 18 16:32 error/
drwxr-xr-x 15 root root 1,3K Июн 23 15:19 html/
drwxr-xr-x 3 root root 4,7K Апр 18 16:34 icons/
>Положи strace в chroot, и запусти
>chroot /var/chroot/httpd strace /usr/bin/perl /var/www/cgi-bin/test.pl
Тут тоже ничего необычного вроде нет. Осмелюсь выложить весь strace:
[root@tux root]# chroot /var/chroot/httpd strace /usr/bin/perl /var/www/cgi-bin/test.pl
execve("/usr/bin/perl", ["/usr/bin/perl", "/var/www/cgi-bin/test.pl"], [/* 28 vars */]) = 0
uname({sys="Linux", node="tux.mydomain.net", ...}) = 0
brk(0) = 0x883a000
open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE/tls/i686/mmx/libperl.so", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE/tls/i686/mmx", 0xbfeae41c) = -1 ENOENT (No such file or directory)
open("/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE/tls/i686/libperl.so", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE/tls/i686", 0xbfeae41c) = -1 ENOENT (No such file or directory)
open("/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE/tls/mmx/libperl.so", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE/tls/mmx", 0xbfeae41c) = -1 ENOENT (No such file or directory)
open("/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE/tls/libperl.so", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE/tls", 0xbfeae41c) = -1 ENOENT (No such file or directory)
open("/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE/i686/mmx/libperl.so", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE/i686/mmx", 0xbfeae41c) = -1 ENOENT (No such file or directory)
open("/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE/i686/libperl.so", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE/i686", 0xbfeae41c) = -1 ENOENT (No such file or directory)
open("/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE/mmx/libperl.so", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE/mmx", 0xbfeae41c) = -1 ENOENT (No such file or directory)
open("/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE/libperl.so", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 \26\2\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0555, st_size=3386514, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xbf5fb000
old_mmap(NULL, 1267936, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x6ca000
old_mmap(0x7f3000, 45056, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x128000) = 0x7f3000
old_mmap(0x7fe000, 6368, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fe000
close(3) = 0
open("/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE/libnsl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/tls/i686/mmx/libnsl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/tls/i686/mmx", 0xbfeae400) = -1 ENOENT (No such file or directory)
open("/lib/tls/i686/libnsl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/tls/i686", 0xbfeae400) = -1 ENOENT (No such file or directory)
open("/lib/tls/mmx/libnsl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/tls/mmx", 0xbfeae400) = -1 ENOENT (No such file or directory)
open("/lib/tls/libnsl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/tls", {st_mode=S_IFDIR|0755, st_size=208, ...}) = 0
open("/lib/i686/mmx/libnsl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/i686/mmx", 0xbfeae400) = -1 ENOENT (No such file or directory)
open("/lib/i686/libnsl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/i686", 0xbfeae400) = -1 ENOENT (No such file or directory)
open("/lib/mmx/libnsl.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/mmx", 0xbfeae400) = -1 ENOENT (No such file or directory)
open("/lib/libnsl.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000<\0\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=91212, ...}) = 0
old_mmap(NULL, 85248, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xde6000
old_mmap(0xdf8000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x11000) = 0xdf8000
old_mmap(0xdf9000, 7424, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xdf9000
close(3) = 0
open("/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/tls/libdl.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\32\0\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=14632, ...}) = 0
old_mmap(NULL, 12148, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xd93000
old_mmap(0xd95000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x1000) = 0xd95000
close(3) = 0
open("/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE/libm.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/tls/libm.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0005\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=210228, ...}) = 0
old_mmap(NULL, 138000, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xc20000
old_mmap(0xc41000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x20000) = 0xc41000
close(3) = 0
open("/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE/libcrypt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/tls/libcrypt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/libcrypt.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\v\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=55376, ...}) = 0
old_mmap(NULL, 277788, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x437000
old_mmap(0x441000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0xa000) = 0x441000
old_mmap(0x443000, 228636, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x443000
close(3) = 0
open("/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE/libutil.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/tls/libutil.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/libutil.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@\16\0\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=12456, ...}) = 0
old_mmap(NULL, 10996, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x111000
old_mmap(0x113000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x1000) = 0x113000
close(3) = 0
open("/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/tls/libpthread.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20G\0\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=98736, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xbf5fa000
old_mmap(NULL, 62436, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xcb0000
old_mmap(0xcbd000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0xd000) = 0xcbd000
old_mmap(0xcbe000, 5092, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xcbe000
close(3) = 0
open("/usr/lib/perl5/5.8.3/i386-linux-thread-multi/CORE/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/tls/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220Y\1"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1572220, ...}) = 0
old_mmap(NULL, 1284620, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x147000
old_mmap(0x27b000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x133000) = 0x27b000
old_mmap(0x27e000, 10764, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x27e000
close(3) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xbf5f9000
mprotect(0x437000, 40960, PROT_READ|PROT_WRITE) = 0
mprotect(0x437000, 40960, PROT_READ|PROT_EXEC) = 0
set_thread_area({entry_number:-1 -> 6, base_addr:0xbf5f9080, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
set_tid_address(0xbf5f90c8) = 11788
rt_sigaction(SIGRTMIN, {0xcb4680, [], SA_RESTORER|SA_SIGINFO, 0xcbb0b0}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=10240*1024, rlim_max=RLIM_INFINITY}) = 0
rt_sigaction(SIGFPE, {SIG_IGN}, {SIG_DFL}, 8) = 0
brk(0) = 0x883a000
brk(0x885b000) = 0x885b000
brk(0) = 0x885b000
getuid32() = 0
geteuid32() = 0
getgid32() = 0
getegid32() = 0
open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=33582608, ...}) = 0
mmap2(NULL, 2097152, PROT_READ, MAP_PRIVATE, 3, 0) = 0xbf3f9000
mmap2(NULL, 204800, PROT_READ, MAP_PRIVATE, 3, 0xa63) = 0xbf3c7000
mmap2(NULL, 4096, PROT_READ, MAP_PRIVATE, 3, 0x1efc) = 0xbf3c6000
close(3) = 0
mmap2(NULL, 135168, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xbf3a5000
open("/dev/urandom", O_RDONLY|O_LARGEFILE) = 3
read(3, "\360\344\347G", 4) = 4
close(3) = 0
time([1123744215]) = 1123744215
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
_llseek(0, 0, 0xbfeae7d0, SEEK_CUR) = -1 ESPIPE (Illegal seek)
ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbfeae798) = -1 ENOTTY (Inappropriate ioctl for device)
_llseek(1, 0, [0], SEEK_CUR) = 0
ioctl(2, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
_llseek(2, 0, 0xbfeae7d0, SEEK_CUR) = -1 ESPIPE (Illegal seek)
open("/var/www/cgi-bin/test.pl", O_RDONLY|O_LARGEFILE) = 3
ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbfeae868) = -1 ENOTTY (Inappropriate ioctl for device)
_llseek(3, 0, [0], SEEK_CUR) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
fstat64(3, {st_mode=S_IFREG|0777, st_size=73, ...}) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
readlink("/proc/self/exe", 0xbfeadad0, 4095) = -1 ENOENT (No such file or directory)
getpid() = 11788
getppid() = 11787
read(3, "#!/usr/bin/perl -w\n\nprint \"Conte"..., 4096) = 73
read(3, "", 4096) = 0
close(3) = 0
write(1, "Content-type: text/html\n\nHello!", 31) = 31
exit_group(0) = ?
> write(1, "Content-type: text/html\n\nHello!", 31) = 31
Ну и? Все работает, просто после Hello нет \n, поставь - заработает.
>> write(1, "Content-type: text/html\n\nHello!", 31) = 31
>
>Ну и ? Все работает, просто после Hello нет \n, поставь -
>заработает.
А собственно, какая разница? В любом случае ошибка-то (13)Permission denied: exec of '/var/www/cgi-bin/test.pl' failed.
А есть ли какая опция, чтобы апач в лог информацию об ошибке поподробнее выдавал?
Права на /var/chroot/httpd/usr/bin, /var/chroot/httpd/usr, /var/chroot/httpd/var тоже нормальные ?
>Права на /var/chroot/httpd/usr/bin, /var/chroot/httpd/usr, /var/chroot/httpd/var тоже нормальные ?
Вот черт, посыпаю голову пеплом :-). Ты прав, на /usr и директории в нем права стояли 700, не знаю как такое могло выйти (как только php работал? :-0). uldus, огромная тебе благодарность от партии :-)
>Вот черт, посыпаю голову пеплом :-). Ты прав, на /usr и директории
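>в нем права стояли 700, не знаю как такое могло выйти
mod_php подгружается вместе с апачем, который изначально запускается от рута, а вот cgi выполняется уже от uid апача, если suexec нет. Поэтому при правах 700 на /usr пользователь apache не может пройти по пути к /usr/bin/perl, и exec скрипта заканчивается Permission denied. По той же причине проверка через chroot и strace ничего не показала: она выполнялась от root (getuid32() = 0 в выводе strace), а root проверку прав на каталоги обходит; воспроизводить такую ошибку нужно от имени пользователя apache. И права 777 на test.pl не нужны: скрипту, который исполняет веб-сервер, незачем быть доступным на запись всем.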