Problem with Apache, permission denied

Just installed apache 2.2.17 and I can start up the httpd server without any errors. However when I try to access my scripts in /cgi-bin/ I'm getting the following error in error_log:

[Wed Apr 06 15:48:51 2011] [error] [client 135.70.28.21] Can't open perl script "/usr/local/apache2/cgi-bin/ldapsearch.cgi": Permission denied
[Wed Apr 06 15:48:51 2011] [error] [client 135.70.28.21] Premature end of script headers: ldapsearch.cgi

It happens for each of the scripts in my cgi-bin directory. These scripts were working with a much older version of apache, so it's not a script issue. I also do not have suexec installed. The permissions look correct.

I did update the httpd.conf file and replaced the User daemon with User nobody, and the Group daemon with Group nobody. 'nobody' is in both my /etc/passwd and /etc/group listings.

I have heard this might be an issue with loading headers, but I have installed twice now and didn't see any errors on the install.

Please help.

Just some ideas what you could check:

  • permissions of the files in /usr/local/apache2/cgi-bin

  • permissions of the directory /usr/local/apache2/cgi-bin itself

  • contents of httpd.conf - as far as I remember separate permissions are laid down there

  • check under which UID/GID/EUID/PGID the httpd process runs.

I hope this helps.

bakunin

I can recall a very strange error that happened to me before about /var/log/httpd not having the correct permissions; you can check those as well.

I was able to get this. I changed the permissions in the directory from 644 to 755 and it works. I don't quite understand why but it does work now.

What you did was to set the "x" bit for the directory for owner, owner's group and world. The "x" bit on a directory is necessary for the "chdir()" system call to get the file's inode number and thus access the file.

Suppose you want to access /path_to/file: without the "r" bit on the file you wouldn't be allowed to read it and therefore a "cat /path_to/file" would fail. A "ls -l /path_to/file" might still work though, because even if the access to the file's contents is blocked the existence of the file is no secret to you.

If the "x"-bit on the directory "/path_to" is missing for your UID you will not be able to do a "ls -l" (or any similar command) on the directory and therefore the access to the file would be blocked for another reason: you will not be allowed to get the inode information necessary to access the file.

For further information you might want to read Perderabo's file permissions tutorial.

I hope this clears things up.

bakunin
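
The checks suggested in this thread (file mode, directory mode, and the UID/GID httpd runs as) can be combined into one walk over every path component. The following is an added example, not code from any poster; the function names are hypothetical, and the default path and user are the ones quoted in the first post.

```python
import os
import pwd
import stat
import sys

def class_bits(st, uid, gids):
    """rwx triplet (0-7) the kernel applies to this uid/gids: owner, else group, else other."""
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid == uid:
        return (mode >> 6) & 7
    if st.st_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def audit_cgi_path(script, uid, gids):
    """Check every component from / down to the script.

    Returns [(path, mode_string, missing)]: directories need "x" (search),
    the script itself needs "r" and "x". Only classic mode bits are modelled:
    no ACLs, no SELinux, no root override.
    """
    paths = [os.sep]
    for part in os.path.realpath(script).strip(os.sep).split(os.sep):
        paths.append(os.path.join(paths[-1], part))
    results = []
    for path in paths:
        try:
            st = os.stat(path)
        except OSError as exc:  # the auditing user cannot get past this point
            results.append((path, "?", exc.strerror))
            break
        need = 0o1 if stat.S_ISDIR(st.st_mode) else 0o5
        have = class_bits(st, uid, gids)
        missing = "".join(c for c, b in (("r", 4), ("x", 1)) if need & b and not have & b)
        results.append((path, stat.filemode(st.st_mode), missing))
    return results

def blockers(results):
    """Only the components that would produce 'Permission denied'."""
    return [r for r in results if r[2]]

if __name__ == "__main__":
    # Defaults are the script path and User value quoted in the thread.
    script = sys.argv[1] if len(sys.argv) > 1 else "/usr/local/apache2/cgi-bin/ldapsearch.cgi"
    user = pwd.getpwnam(sys.argv[2] if len(sys.argv) > 2 else "nobody")
    gids = set(os.getgrouplist(user.pw_name, user.pw_gid))
    for path, mode, missing in audit_cgi_path(script, user.pw_uid, gids):
        print(f"{mode:<11} {path}  {'MISSING ' + missing if missing else 'ok'}")
```

With the cgi-bin directory at mode 644 the walk reports a missing "x" on that directory; after the change to 755 it reports every component as ok.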