Apache Problems.

Applications Web Development
1

Hello guys

I have been running a LAMP stack for awhile now but have never really explored the server side end of things. What I am trying to do is have a python script on a website run a bash command. This will accomplish a system so someone can create an account for proxy access via a webpage. I am running Ubuntu server edition 8.04.1

Here is my python script (For testing purposes) to do so:

import os

def main():
    username = "Test1"
    password = "Enter new password"
    os.system("htpasswd -b /etc/squid/passwd '%s' '%s'" % (username.replace("'"$
    return apache.OK
if __name__ == '__main__': main()

Now I read a bit on the net and from what I gathered I would need to run this as a CGI script. So I placed it in my /usr/lib/cgi-bin/ directory as a .py file.

Then when I go to my site (mysite.com/cgi-bin/program.py)

I get a 500 internal server error. So Once again I looked around and I figured out that I had bad handlers in my site configuration so I tried various different things and nothing seemed to work so I reset my site configuration to as follows:

NameVirtualHost *
<VirtualHost *>
        ServerAdmin webmaster@localhost

        DocumentRoot /home/carter/public_html
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /home/carter/public_html>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

Here is a section of my error log that pertains to this error:

[Sun Dec 07 06:33:46 2008] [notice] mod_python: Creating 8 session mutexes based on 150 max processes and 0 max threads.
[Sun Dec 07 06:33:46 2008] [notice] mod_python: using mutex_directory /tmp
[Sun Dec 07 06:33:46 2008] [notice] Apache/2.2.8 (Ubuntu) mod_python/3.3.1 Python/2.5.2 PHP/5.2.4-2ubuntu5.3 with Suhosin-Patch configured -- resuming normal operations
[Sun Dec 07 09:42:16 2008] [error] [client 222.187.220.162] script '/home/carter/public_html/prx1.php' not found or unable to stat
[Sun Dec 07 18:51:35 2008] [error] [client 137.186.97.98] File does not exist: /home/carter/public_html/favicon.ico
[Sun Dec 07 22:14:22 2008] [error] [client 192.168.1.4] File does not exist: /home/carter/public_html/mad_scientist.txt
[Sun Dec 07 22:24:23 2008] [error] [client 72.25.192.4] File does not exist: /home/carter/public_html/favicon.ico
[Sun Dec 07 23:52:00 2008] [error] [client 222.187.220.162] script '/home/carter/public_html/prx1.php' not found or unable to stat
[Mon Dec 08 17:53:46 2008] [notice] caught SIGWINCH, shutting down gracefully
[Mon Dec 08 17:53:57 2008] [notice] mod_python: Creating 8 session mutexes based on 150 max processes and 0 max threads.
[Mon Dec 08 17:53:57 2008] [notice] mod_python: using mutex_directory /tmp
[Mon Dec 08 17:53:57 2008] [notice] Apache/2.2.8 (Ubuntu) mod_python/3.3.1 Python/2.5.2 PHP/5.2.4-2ubuntu5.3 with Suhosin-Patch configured -- resuming normal operations
[Mon Dec 08 17:54:23 2008] [error] [client 192.168.1.4] (8)Exec format error: exec of '/usr/lib/cgi-bin/carternet.py' failed
[Mon Dec 08 17:54:23 2008] [error] [client 192.168.1.4] Premature end of script headers: carternet.py

Any help would be awesome. Thank you.

2

My guess is that the webserver does not have permissions to run the htpasswd command and store the file in /etc/squid/passwd.

The other possibility, if your code as posted is what you actually used is the fact that the line running the htpasswd is syntactically incorrect ( I assume the end of the line is just missing in your post).

3

Yeah, sorry, I didn't realize the script was cut off, although it seemed to only be cut off when I posted here (The actual script on the box is fine). I also thought it was a permissions problem but I gave my cgi-bin and the script it's self 777 permissions.

It is the premature end of headers that is causing the 500 Internal error.

4

Never give cgi-bin 777 permissions and never give anything in cgi-bin 777 permissions.

Try running your python script as the apache user (www-data) and see if it give any errors. I think the problem is in your script, not in the headers it creates. The reason it gives the header error is that the script exits with a non-zero exit code, and I'm pretty sure it's to do with the permissions of the webserver user to write to /etc/squid/passwd.

5

is AddHandler cgi-script py set in the apache config?

what is the first line of your script? it should be #!/usr/bin/python or whatever the path is.

also, you need to print the content-type in your script.

6

Alright. Here is the full script that I am running:

#!/usr/bin/python
print "Content-type: text/html"
import os

def main():
    username = raw_input ("Enter new username: ")
    password = raw_input ("Enter new password: ")
    os.system("htpasswd -b /etc/squid/passwd '%s' '%s'" % (username.replace("'", ""), password.replace("'", "")))

if __name__ == '__main__': main()

I added the Addhandler in there as well. Same 500 Server error. Also I changed the /etc/squid/passwd to 777.

7

add two new lines. to your print statement

print "Content-type: text/html\n\n"
8

Still not working.

9

can you post the last 10 lines of the apache error_log?

10

Well, I had acctually cleared the error log just a short while ago, but here is what it is saying:

[Sun Dec 14 00:53:57 2008] [error] [client 192.168.1.65] (2)No such file or directory: exec of '/usr/lib/cgi-bin/carternet.py' failed
[Sun Dec 14 00:53:57 2008] [error] [client 192.168.1.65] Premature end of script headers: carternet.py

carternet is the name of the file

11

what is the output of

ls -l /usr/lib/cgi-bin/carternet.py
ls -ld /usr/lib
ls -ld /usr/lib/cgi-bin
head -n 1 /usr/lib/cgi-bin/carternet.py

also - your going to have to change the raw_input() calls to use the CGI module.

12

ls -l /usr/lib/cgi-bin/carternet.py:

-rwxrwxrwx 1 root root 409 2008-12-14 00:49 /usr/lib/cgi-bin/carternet.py

head -n 1 /usr/lib/cgi-bin/carternet.py:

#!/usr/bin/python
13

First, try executing /usr/lib/cgi-bin/carternet.py from the command line. If that works OK, please let us know.

14

I just commented the lines with the raw_input() becasue I knew they would create problems.

And yes it works just fine through the command line.
Here is the output:

carter@ubuntu-Server:~$ python /usr/lib/cgi-bin/carternet.py
Content-type: text/html


Adding password for user test

Just to be 100% sure I went through and signed into the proxy using the generated information and that worked as well.

15

Are you running that as www-data ?

16

Also if you haven't already done so, set

LogLevel Debug

In the apache configuration.

17

Wouldn't it not matter what user I run it under due to it having 777 permissions. But to be sure could you give me the command to run the program under the www-data account?
Like I can run it under my normal user account without having to be root.

And I just set the LogLevel to Debug

18

It might not, but I think you are misunderstanding the problem I am describing, also as I said before, you should not be using 777.

sudo -i
su - www-data

Then run the command.

19

Command ran just fine under the www-data user. I know using 777 is a huge security hole -especially in the cgi-bin- but once I have this problem fixed I will patch that security hole. This server is inside my home LAN right now and is not available to the public.

20

And does it work without using the python at the start?

ie just:

/usr/lib/cgi-bin/carternet.py