httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michele Mase'" <michele.m...@gmail.com>
Subject Re: [users@httpd] ExecCGI ignored within nfs share
Date Tue, 04 Feb 2020 11:26:50 GMT
The directory perms are ok (directory 0755, files 0705); you can see the
content of the script but not execute it.

On Tue, Feb 4, 2020 at 2:12 AM Igor Cicimov <icicimov@gmail.com> wrote:

> Should have said "exported" with noexec instead of mounted to make it more
> clear. Then it doesn't matter what you do on the client side you will still
> not be able to run exe files.
>
> Since this is not the case maybe the perms of the directories on that path
> have no exe permissions them self?
>
> IC
>
> On Fri, Jan 31, 2020, 10:46 PM Michele Mase' <michele.mase@gmail.com>
> wrote:
>
>> From fstab:
>> 10.10.10.10:/vol/shared /shared nfs
>> defaults,exec,tcp,vers=3,intr,_netdev 0 0
>> From /proc/mounts
>> 10.10.10.10:/vol/shared /shared nfs
>> rw,relatime,vers=3,rsize=65536,wsize=65536,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=10.10.10.10,mountvers=3,mountport=635,mountproto=tcp,local_lock=none,addr=10.10.10.10
>> 0 0
>> The apache process user can execute scripts under nfs share:
>> su - www-data -s /bin/bash -c "/shared/www_root/cgi2/test.sh" #working
>>
>>
>> On Thu, Jan 30, 2020 at 8:57 PM Igor Cicimov <icicimov@gmail.com> wrote:
>>
>>> On Wed, Jan 29, 2020, 11:35 PM Michele Mase' <michele.mase@gmail.com>
>>> wrote:
>>>
>>>> I'm trying to execute some gci scripts under a certain directory stored
>>>> under an nfs share without any success; the same configuration is working
>>>> outside nfs share (i.e. under local filesystem).
>>>> What am I missing?
>>>> Regards
>>>> Michele Masè
>>>>
>>>> Local Working: curl https://www.example.com/cgi2/
>>>>
>>>> Alias /cgi2/ /var/www/html.default/cgi2/
>>>> <Directory "/var/www/html.default/cgi2">
>>>> AddHandler cgi-script .cgi .pl .sh
>>>> DirectoryIndex index.cgi index.html
>>>> Options +ExecCGI
>>>> </Directory>
>>>>
>>>>
>>>> NFS Not Working:
>>>> Alias /cgi2/ /shared/www_root/cgi2/
>>>> <Directory "/shared/www_root/cgi2/">
>>>> AddHandler cgi-script .cgi .pl .sh
>>>> DirectoryIndex index.cgi index.html
>>>> Options +ExecCGI
>>>> </Directory>
>>>>
>>>> Error_Log:
>>>> AH01262: Options ExecCGI is off in this directory:
>>>> /shared/www_root/cgi2/index.cgi
>>>>
>>>> index.cgi script
>>>>
>>>> #!/usr/bin/perl
>>>>
>>>> print "Content-type: text/html\n\n";
>>>> print "<html>\n<body>\n";
>>>> print "<div style=\"width: 100%; font-size: 40px; font-weight: bold;
>>>> text-align: center;\">\n";
>>>> print "CGI Test Page";
>>>> print "\n</div>\n";
>>>> print "</body>\n</html>\n";
>>>>
>>>> apache2.4.x ubuntu18.04 libapache2-mod-apparmor not installed
>>>>
>>>> aa-status --verbose
>>>> apparmor module is loaded.
>>>> 8 profiles are loaded.
>>>> 8 profiles are in enforce mode.
>>>>    /sbin/dhclient
>>>>    /usr/bin/man
>>>>    /usr/lib/NetworkManager/nm-dhcp-client.action
>>>>    /usr/lib/NetworkManager/nm-dhcp-helper
>>>>    /usr/lib/connman/scripts/dhclient-script
>>>>    /usr/sbin/tcpdump
>>>>    man_filter
>>>>    man_groff
>>>> 0 profiles are in complain mode.
>>>> 0 processes have profiles defined.
>>>> 0 processes are in enforce mode.
>>>> 0 processes are in complain mode.
>>>> 0 processes are unconfined but have a profile defined.
>>>>
>>>> /proc/mounts
>>>> 10.10.10.10:/vol/shared /shared nfs
>>>> rw,relatime,vers=3,rsize=65536,wsize=65536,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=10.10.10.10,mountvers=3,mountport=635,mountproto=tcp,local_lock=none,addr=10.10.10.10
>>>> 0 0
>>>>
>>>> su - www-data -s /bin/bash -c "/bin/cat
>>>> /shared/www_root/cgi2/index.cgi" #working
>>>> --
>>>> Michele Masè
>>>>
>>>
>>> Usually NFS shares are being mounted without exec permissions for
>>> security, you need to make sure that is not the case.
>>>
>>>>
>>
>> --
>> Michele Masè
>>
>

-- 
Michele Masè

Mime
View raw message