httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Cicimov <icici...@gmail.com>
Subject Re: [users@httpd] ExecCGI ignored within nfs share
Date Thu, 30 Jan 2020 20:57:22 GMT
On Wed, Jan 29, 2020, 11:35 PM Michele Mase' <michele.mase@gmail.com> wrote:

> I'm trying to execute some gci scripts under a certain directory stored
> under an nfs share without any success; the same configuration is working
> outside nfs share (i.e. under local filesystem).
> What am I missing?
> Regards
> Michele Masè
>
> Local Working: curl https://www.example.com/cgi2/
>
> Alias /cgi2/ /var/www/html.default/cgi2/
> <Directory "/var/www/html.default/cgi2">
> AddHandler cgi-script .cgi .pl .sh
> DirectoryIndex index.cgi index.html
> Options +ExecCGI
> </Directory>
>
>
> NFS Not Working:
> Alias /cgi2/ /shared/www_root/cgi2/
> <Directory "/shared/www_root/cgi2/">
> AddHandler cgi-script .cgi .pl .sh
> DirectoryIndex index.cgi index.html
> Options +ExecCGI
> </Directory>
>
> Error_Log:
> AH01262: Options ExecCGI is off in this directory:
> /shared/www_root/cgi2/index.cgi
>
> index.cgi script
>
> #!/usr/bin/perl
>
> print "Content-type: text/html\n\n";
> print "<html>\n<body>\n";
> print "<div style=\"width: 100%; font-size: 40px; font-weight: bold;
> text-align: center;\">\n";
> print "CGI Test Page";
> print "\n</div>\n";
> print "</body>\n</html>\n";
>
> apache2.4.x ubuntu18.04 libapache2-mod-apparmor not installed
>
> aa-status --verbose
> apparmor module is loaded.
> 8 profiles are loaded.
> 8 profiles are in enforce mode.
>    /sbin/dhclient
>    /usr/bin/man
>    /usr/lib/NetworkManager/nm-dhcp-client.action
>    /usr/lib/NetworkManager/nm-dhcp-helper
>    /usr/lib/connman/scripts/dhclient-script
>    /usr/sbin/tcpdump
>    man_filter
>    man_groff
> 0 profiles are in complain mode.
> 0 processes have profiles defined.
> 0 processes are in enforce mode.
> 0 processes are in complain mode.
> 0 processes are unconfined but have a profile defined.
>
> /proc/mounts
> 10.10.10.10:/vol/shared /shared nfs
> rw,relatime,vers=3,rsize=65536,wsize=65536,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=10.10.10.10,mountvers=3,mountport=635,mountproto=tcp,local_lock=none,addr=10.10.10.10
> 0 0
>
> su - www-data -s /bin/bash -c "/bin/cat /shared/www_root/cgi2/index.cgi"
> #working
> --
> Michele Masè
>

Usually NFS shares are being mounted without exec permissions for security,
you need to make sure that is not the case.

>

Mime
View raw message