Apache 2.4 executes only some CGI scripts - browser

I'm using Apache 2.4.7 on Ubuntu 14.04.5 in a VirtualBox VM. Things are almost working...
Some of my cgi scripts run/execute, but other scripts only display the source for the script. There are no errors or interesting entries in the access.log or error.log files.
Update: After further troubleshooting, I believe the problem was browser caching (sigh!) After force reloading (Cmd-Shift-R on Mac),
they all execute as desired. (I believe the scripts that executed properly the
first time were those that I tested when I had the configuration
correct; the ones that simply listed their source were the ones I tested first.)
For the record, the settings below are working correctly now.
All scripts end in .cgi, all invoke #!/usr/bin/perl as the first line, all have the same permissions (with +x). I have appended the ls of the "cgi" directory, and the site's config file.
What am I missing that would cause some files to execute, while others list? Many thanks!
CGI directory, with permissions:
wnr#wnr-VirtualBox:/usr/local/webview/www/flow$ ls -al *.cgi
-rwxr-xr-x 1 wnr wnr 89720 Aug 9 2013 adhoc.cgi
-rwxr-xr-x 1 wnr wnr 10535 Apr 2 2013 adhocClick.cgi
-rwxr-xr-x 1 wnr wnr 6155 Mar 19 2012 adhocIf.cgi
-rwxr-xr-x 1 wnr wnr 929 Feb 25 2013 configdump.cgi
-rwxr-xr-x 1 wnr wnr 13325 Apr 8 2013 exporter.cgi
-rwxr-xr-x 1 wnr wnr 6624 Mar 19 2012 flow-collector-stats.cgi
-rwxr-xr-x 1 wnr wnr 2716 May 9 12:28 getFilter.cgi
-rwxr-xr-x 1 wnr wnr 124 May 9 12:48 hirich.cgi
-rwxr-xr-x 1 wnr wnr 88514 May 9 12:27 render.cgi
-rwxr-xr-x 1 wnr wnr 8242 Apr 1 2013 weblog.cgi
Note: weblog.cgi and hirich.cgi both execute as expected, the others simply list the source code...
Here's the site's config file:
wnr#wnr-VirtualBox:/usr/local/webview/www/flow$ cat /etc/apache2/sites-enabled/000-default.conf
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
Alias "/webview" "/usr/local/webview/www"
<Directory "/usr/local/webview/www" >
# Options Indexes Includes FollowSymLinks ExecCGI
Options Indexes Includes FollowSymLinks ExecCGI
Require all granted
AllowOverride All
SetEnv no-gzip 1
AddHandler cgi-script .cgi
</Directory>
# <Directory "/usr/local/webview/www/flow" >
# Options +FollowSymLinks +ExecCGI
# AddHandler cgi-script .cgi
# </Directory>
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Check if you can execute the scripts directly on the shell, like so:
$ ./script.cgi
Your shebang might contain a trailing \r, a common trick is to replace #!/usr/bin/perl with #!/usr/bin/perl -w

Update: After further troubleshooting, I believe the problem was browser caching (sigh!) After force reloading (Cmd-Shift-R on Mac), they all execute as desired.
This explains why some of the scripts executed, and some didn't, even though they all had the same permissions and were in the same directory.
I believe the scripts that executed properly the first time were those that I tested when I had the configuration correct; the ones that simply listed their source were the ones I tested first.
For the record, the settings above are working correctly now.
And always remember: if your browser isn't showing what you expect, Force Reload.

Related

Apache2 Ubuntu getting a cgi program to run 403 error from /usr/lib/cgi-bin

Well its 2022 and httpf.conf no longer exists. its seems to be split up into site-available, and conf-available, I can't figure it out and I can't find any instructions on how to get a simple helloworld perl script to run (in runs fine from the command line" "perl hw.pl")
The index.html page works fine in firefox, and by changing the 000-default.conf I was able to at least get the script "localhost/cgi-bin/hw.pl" to change from a 404 error to a 403 error by adding the section as marked:
leslie#jl-vr0sr4:/etc/apache2/sites-available$ pwd
/etc/apache2/sites-available
jleslie#jl-vr0sr4:/etc/apache2/sites-available$ cat 000-default.conf
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
# JL:: 221116 uncomment out the include to allow cgi-bin
# Include conf-available/serve-cgi-bin.conf
#JL:: 221116 did nothing. Lets add the below:
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
AddHandler cgi-script .pl
</Directory>
#JL:: 221116 ok, that changed the 404 not found error
# to a 403 forbidden error what gives?
# Forbidden
#
# You don't have permission to access this resource.
# Apache/2.4.52 (Ubuntu) Server at 127.0.0.1 Port 80
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
So how do I now get it to actually run?
Did I do anything make a mistake in my conf file?
I also want to be able to run .exe .cgi and .sh files from /cgi-bin/ how do specify them as well?
Here is the test hello worl perl script I tried to run:
jleslie#jl-vr0sr4:/usr/lib/cgi-bin$ ll
/usr/lib/cgi-bin
total 44
drwxr-xr-x 2 root root 4096 Nov 16 09:17 ./
drwxrwxrwx 115 root root 4096 Nov 14 13:07 ../
-rwxrwxrwx 1 jleslie jleslie 30144 Nov 16 08:51 fh_fe.exe*
-rwxr-xr-x 1 root root 76 Nov 16 09:17 hw.pl*
jleslie#jl-vr0sr4:/usr/lib/cgi-bin$ cat hw.pl
#!/usr/bin/perl
print "Content-type: text/html\n\n";
print "Hello, World.";
jleslie#jl-vr0sr4:/usr/lib/cgi-bin$
OK, I finally figured it out. No thanks to the apache folks who keep changing the rules and fail to document properly how do do the most basic:
start an apache server
set up a cgi-bin directory.
They'll gladly spend pages talking about virtual hosts, and double nested hyper-crayon whatevers, but not the most basic setup: a webserver that can run cgi-bin programs. Unbelievable. /end gripe.
Anyway I edited :
/etc/apache2/sites-available/000-default.conf
with this code, to both fix and document what is necessary:
31 # JL:: 221116 uncomment out the include to allow cgi-bin
32
33 # Include conf-available/serve-cgi-bin.conf
34
35 #JL:: 221116 did nothing. Lets add the below:
36
37
38 #ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
39 #<Directory "/usr/lib/cgi-bin">
40 ScriptAlias /cgi-bin/ /var/www/cgi-bin/
41 <Directory "/var/www/cgi-bin">
42 AllowOverride None
43 Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
44 Order allow,deny
45 Allow from all
46 AddHandler cgi-script .pl .exe .cgi .sh
47 </Directory>
48
49 #JL:: 221116 ok, that changed the 404 not found error
50 # to a 403 forbidden error what gives?
51 # Forbidden
52 #
53 # You don't have permission to access this resource.
54 # Apache/2.4.52 (Ubuntu) Server at 127.0.0.1 Port 80
55
56 # here is the fix. run this at the command line:
57
58 ### RUNME ****> cd /etc/apache2/mods-enabled
59 ### RUNME ****> sudo ln -s ../mods-available/cgi.load
60
61
62 </VirtualHost>
63
Here is the complete history (with my mistakes, don't bother with them,) of the session that fixed the issue:
1807 cd /etc/apache2/sites-available/
1808 vi 000-default.conf
1809 sudo systemctl stop apache2
1810 sudo systemctl start apache2
1811 cd ..
1812 cd conf-available/
1813 ll
1814 vi serve-cgi-bin.conf
1815 cd ../sites-available/
1816 ll
1817 vi 000-default.conf
1818 pwd
1819 cd /etc/apache2/mods-enabled
1820 sudo ln -s ../mods-available/cgi.load
1821 ll
1822 sudo systemctl stop apache2
1823 sudo systemctl start apache2
please note in the documentation the double secret "turn on cgi-bin" by making the soft link. It took me over an hour of searching on the internet to find that one. - J

403 Errors on Apache server

I changed home directory of Apache "/var/www/html" into "/gwanwoonam/web"
After that, web server returns 403 Error - Forbidden
You don't have permission to access /info.php on this server.
How Can I fixed that
I googled, and found Solution on permission and SELinux.
I turned off SELinux, So It is disabled.
[gwanwoonam#localhost web]$ getenforce
Disabled
Secondly I tried to edit conf file
sudo vim /etc/httpd/conf/httpd.conf
<Directory />
AllowOverride none
#Require all denied
Require all granted
Allow from all
</Directory>
...
DocumentRoot "/home/gwanwoonam/web"
...
<Directory "/home/gwanwoonam/web">
AllowOverride None
# Allow open access:
Require all granted
Allow from all
</Directory>
...
<Directory "/home/gwanwoonam/web">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Require all granted
Allow from all
</Directory>
...
And, I put the permission 777 at web directory, sub folder and files of it.
drwxrwxrwx. 2 gwanwoonam gwanwoonam 40 Jul 21 12:19 web
-rwxrwxrwx. 1 gwanwoonam gwanwoonam 106 Jul 21 11:52 index.html
-rwxrwxrwx. 1 gwanwoonam gwanwoonam 66 Jul 21 12:19 info.php
However, I cannot solve this problem..
How Can I find solution?
LOGS
[Sun Jul 21 14:04:57.852935 2019] [core:error] [pid 1918] (13)Permission denied: [client ::1:51512] AH00035: access to /favicon.ico denied (filesystem path '/home/gwanwoonam/web') because search permissions are missing on a component of the path, referer: localhost
[Sun Jul 21 14:05:00.422975 2019] [core:error] [pid 1923] (13)Permission denied: [client 127.0.0.1:42228] AH00035: access to / denied (filesystem path '/home/gwanwoonam/web') because search permissions are missing on a component of the path
In your question you showed this:
drwxrwxrwx. 2 gwanwoonam gwanwoonam 40 Jul 21 12:19 web
-rwxrwxrwx. 1 gwanwoonam gwanwoonam 106 Jul 21 11:52 index.html
-rwxrwxrwx. 1 gwanwoonam gwanwoonam 66 Jul 21 12:19 info.php
Note that index.html and info.php are not under the web directory. Therefore Apache cannot find them since you told it DocumentRoot "/home/gwanwoonam/web".
Move your files into /home/gwanwoonam/web, then Apache will see them.
Then, to ensure you do not have a permissions issue, at the filesystem level, run this:
chmod 755 /home/gwanwoonam/web
find /home/gwanwoonam/web -type d -exec chmod 755 {} \;
find /home/gwanwoonam/web -type f -exec chmod 644 {} \;
This will put permissions
drwxr-xr-x on all directories (including /home/gwanwoonam/web)
and
-rw-r--r-- on files.
This way your Apache should be able to read all files under web, and return them back to you.
Add the line below to your existing code:
restorecon -r /home/gwanwoonam/web

Why am i getting forbidden error in browser

I am a new user to apache and trying to learn and have setup a domain just for learning and testing. However, before I even start i am getting Forbidden You do not have permission to access this document.. I know after research that this error has to do with either http.conf or .htaccess file.
I do not have .htaccess file in directory and have posted my http.conf file. I would be grateful if someone could help me to overcome this problem. Many thanks
FYI I have replaced sensitive data with leading zeros.
PHP: v5.4 fastcgi
APACHE: Apache/2.2.15 (Unix)
Here is result of: ls -la
total 468
dr-xr-x--- 5 root root 4096 Aug 10 2014 .
dr-xr-xr-x 26 root root 4096 Apr 3 12:19 ..
-rw------- 1 root root 1325 Jul 11 2011 anaconda-ks.cfg
drwxr-xr-x 2 root root 4096 Jan 23 03:49 .autoinstaller
-rw------- 1 root root 9454 Apr 3 12:18 .bash_history
-rw-r--r-- 1 root root 18 May 20 2009 .bash_logout
-rw-r--r-- 1 root root 176 May 20 2009 .bash_profile
-rw-r--r-- 1 root root 176 Sep 23 2004 .bashrc
-rw-r--r-- 1 root root 29 Aug 5 2014 created
-rw-r--r-- 1 root root 100 Sep 23 2004 .cshrc
-rw-r--r-- 1 root root 8730 Jul 11 2011 install.log
-rw-r--r-- 1 root root 3094 Jul 11 2011 install.log.syslog
-rw-r--r-- 1 root root 130324 Jan 8 2013 kmod-e1000e-2.1.4-1.el6.elrepo.x86_64.rpm
-rw-r--r-- 1 root root 135820 Sep 23 2013 kmod-e1000e-2.5.4-1.el6.elrepo.x86_64.rpm
-rw-r--r-- 1 root root 116252 Sep 23 2013 kmod-igb-5.0.5-1.el6.elrepo.x86_64.rpm
drwxr-xr-x 59 root root 4096 Apr 3 03:25 parallels
drwx------ 2 root root 4096 Aug 10 2014 .spamassassin
-rw-r--r-- 1 root root 129 Dec 3 2004 .tcshrc
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
#IF YOU REQUIRE TO APPLY CUSTOM MODIFICATIONS, PERFORM THEM IN THE FOLLOWING FILES:
#/var/www/vhosts/system/domain.co.uk/conf/vhost.conf
<VirtualHost 00.00.00.00.:0000 >
ServerName "domain.co.uk:80"
ServerAlias "www.domain.co.uk"
ServerAlias "ipv4.domain.co.uk"
ServerAdmin "pa#domain.com"
UseCanonicalName Off
DocumentRoot "/var/www/vhosts/domain.co.uk/httpdocs"
CustomLog /var/www/vhosts/system/domain.co.uk/logs/access_log plesklog
ErrorLog "/var/www/vhosts/system/domain.co.uk/logs/error_log"
<IfModule mod_suexec.c>
SuexecUserGroup "peterc" "psacln"
</IfModule>
<IfModule mod_userdir.c>
UserDir "/var/www/vhosts/domain.co.uk/web_users"
</IfModule>
<IfModule mod_sysenv.c>
SetSysEnv PP_VHOST_ID "7d9a2c29-8013-470b-a6eb-36549a513f6b"
</IfModule>
ScriptAlias "/cgi-bin/" "/var/www/vhosts/domain.co.uk/httpdocs/cgi-bin/"
Alias "/plesk-stat" "/var/www/vhosts/system/domain.co.uk/statistics"
<Location /plesk-stat/>
Options +Indexes
</Location>
<Location /plesk-stat/logs/>
Require valid-user
</Location>
Alias /webstat /var/www/vhosts/system/domain.co.uk/statistics/webstat
Alias /webstat-ssl /var/www/vhosts/system/domain.co.uk/statistics/webstat-ssl
Alias /ftpstat /var/www/vhosts/system/domain.co.uk/statistics/ftpstat
Alias /anon_ftpstat /var/www/vhosts/system/domain.co.uk/statistics/anon_ftpstat
Alias /awstats-icon /var/www/html/awstats/icon
<IfModule mod_ssl.c>
SSLEngine off
</IfModule>
SetEnv PP_CUSTOM_PHP_INI /var/www/vhosts/system/domain.co.uk/etc/php.ini
SetEnv PP_CUSTOM_PHP_CGI_INDEX fastcgi
<IfModule mod_fcgid.c>
FcgidInitialEnv PP_CUSTOM_PHP_INI /var/www/vhosts/system/domain.co.uk/etc/php.ini
FcgidInitialEnv PP_CUSTOM_PHP_CGI_INDEX fastcgi
FcgidMaxRequestLen 134217728
</IfModule>
<Directory /var/www/vhosts/domain.co.uk/httpdocs>
<IfModule mod_perl.c>
<Files ~ (\.pl$)>
SetHandler perl-script
PerlHandler ModPerl::Registry
Options +ExecCGI
allow from all
PerlSendHeader On
</Files>
</IfModule>
<IfModule mod_python.c>
<Files ~ (\.py$)>
SetHandler python-program
PythonHandler mod_python.cgihandler
</Files>
</IfModule>
<IfModule mod_fcgid.c>
<Files ~ (\.fcgi$)>
SetHandler fcgid-script
Options +ExecCGI
</Files>
</IfModule>
<IfModule mod_fcgid.c>
<Files ~ (\.php$)>
SetHandler fcgid-script
FCGIWrapper /var/www/cgi-bin/cgi_wrapper/cgi_wrapper .php
Options +ExecCGI
</Files>
</IfModule>
Options -Includes +ExecCGI
</Directory>
<Directory "/var/www/vhosts/system/domain.co.uk/statistics">
AuthType Basic
AuthName "Domain statistics"
AuthUserFile "/var/www/vhosts/system/domain.co.uk/pd/d..httpdocs#plesk-stat"
require valid-user
</Directory>
Alias /error_docs /var/www/vhosts/domain.co.uk/error_docs
ErrorDocument 400 /error_docs/bad_request.html
ErrorDocument 401 /error_docs/unauthorized.html
ErrorDocument 403 /error_docs/forbidden.html
ErrorDocument 404 /error_docs/not_found.html
ErrorDocument 500 /error_docs/internal_server_error.html
ErrorDocument 405 /error_docs/method_not_allowed.html
ErrorDocument 406 /error_docs/not_acceptable.html
ErrorDocument 407 /error_docs/proxy_authentication_required.html
ErrorDocument 412 /error_docs/precondition_failed.html
ErrorDocument 414 /error_docs/request_uri_too_long.html
ErrorDocument 415 /error_docs/unsupported_media_type.html
ErrorDocument 501 /error_docs/not_implemented.html
ErrorDocument 502 /error_docs/bad_gateway.html
ErrorDocument 503 /error_docs/maintenance.html
<IfModule mod_security2.c>
</IfModule>
</VirtualHost>
in response to comment:
$ sudo chown -R apache:root /path/to/website
$ sudo find /path/to/website -type f -exec chmod 644 {} \;
$ sudo find /path/to/website -type d -exec chmod 755 {} \;
this will chown (change owner) recursivly in your website root to apache:root (you can change to your server user). It then finds all the files (-type f) and executes a chmod 644 and find the directories (-type d) and executes a chmod 755 - hope this helps :)

What is the criteria for rsyslogd to create symbolic link to my own file similar to /var/log/messages

When I check the file descriptors opened by rsyslogd, i see the process have created symbolic link to /var/log/messages and similar files,
root#blr09> ll /proc/16635/fd
total 0
lr-x------. 1 root root 64 Jan 4 08:29 0 -> /dev/null
l-wx------. 1 root root 64 Jan 4 08:29 1 -> /dev/null
l-wx------. 1 root root 64 Jan 4 08:29 10 -> **/var/log/authlog**
lr-x------. 1 root root 64 Jan 4 08:29 11 -> /run/log/journal/3da3ce2773004947b9a8d40578a1fb8b/system.journal
l-wx------. 1 root root 64 Jan 4 08:29 2 -> /dev/null
lrwx------. 1 root root 64 Jan 4 08:29 3 -> socket:[4422054]
l-wx------. 1 root root 64 Jan 4 08:29 4 -> **/var/log/messages**
lr-x------. 1 root root 64 Jan 4 08:29 5 -> /run/log/journal/3da3ce2773004947b9a8d40578a1fb8b/system#3a558a8cce7b45a6bf810fe33c7a89d6-0000000000011e3c-0005453c395dc7aa.journal
lr-x------. 1 root root 64 Jan 4 08:29 6 -> /run/log/journal/3da3ce2773004947b9a8d40578a1fb8b/system#3a558a8cce7b45a6bf810fe33c7a89d6-0000000000000001-00054520bb84848d.journal
lr-x------. 1 root root 64 Jan 4 08:29 7 -> anon_inode:inotify
l-wx------. 1 root root 64 Jan 4 08:29 8 -> **/var/log/secure**
l-wx------. 1 root root 64 Jan 4 08:29 9 -> **/var/log/cron**
root#blr09>
Below is rsyslog.conf
# rsyslog configuration file
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
#### MODULES ####
# The imjournal module bellow is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
#$ModLoad immark # provides --MARK-- message capability
# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514
# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
#### GLOBAL DIRECTIVES ####
# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging on
# File to store the position in the journal
$IMJournalStateFile imjournal.state
#### RULES ####
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg :omusrmsg:*
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* ##remote-host:514
# ### end of the forwarding rule ###
auth.info /var/log/authlog
*.* #127.0.0.1:10514
My requirement is to create a similar file of /var/log/messages for some application messages so that rsyslog will send all the messages to port 10514 as configured in rsyslog.conf.
Could you please let me know how this can be achieved.

Can't display files from a vsftpd server on centos 6

It's a Centos 6 running apache server and vsftpd server. Problem is not about connection, it's about displaying folder from local_root directory.
Here is /etc/vsftpd/vsftpd.conf :
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this ou$
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you w$
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# The target log file can be vsftpd_log_file or xferlog_file.
# This depends on setting xferlog_std_format parameter
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# The name of log file when xferlog_enable=YES and xferlog_std_format=YES
# WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log
#xferlog_file=/var/log/xferlog
#
# Switches between logging into vsftpd_log_file and xferlog_file files.
# NO writes to vsftpd_log_file, YES to xferlog_file
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do AS$
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_local_user=YES
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES
## Heading ##
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
chroot_local_user=YES
local_root=/var/www
user_sub_token=$USER
Here is ls -l output in / folder :
[root#daniel /]# ls -l
total 98
dr-xr-xr-x. 2 root root 4096 2015-05-14 04:43 bin
dr-xr-xr-x. 5 root root 1024 2015-05-12 15:33 boot
drwxr-xr-x. 20 root root 3820 2015-06-05 02:30 dev
drwxr-xr-x. 103 root root 12288 2015-06-05 03:03 etc
drwxr-xr-x. 5 root root 4096 2015-05-08 06:54 home
dr-xr-xr-x. 11 root root 4096 2015-05-08 05:13 lib
dr-xr-xr-x. 9 root root 12288 2015-06-04 03:25 lib64
drwx------. 2 root root 16384 2015-05-08 04:13 lost+found
drwxr-xr-x. 2 root root 4096 2011-09-23 14:50 media
drwxr-xr-x. 2 root root 0 2015-06-05 02:29 misc
drwxr-xr-x. 2 root root 4096 2011-09-23 14:50 mnt
drwxr-xr-x. 2 root root 0 2015-06-05 02:29 net
drwxr-xr-x. 3 root root 4096 2015-05-08 05:13 opt
dr-xr-xr-x. 167 root root 0 2015-06-05 02:29 proc
dr-xr-x---. 10 root root 4096 2015-06-04 03:02 root
dr-xr-xr-x. 2 root root 12288 2015-05-24 03:34 sbin
drwxr-xr-x. 7 root root 0 2015-06-05 02:29 selinux
drwxr-xr-x. 2 root root 4096 2011-09-23 14:50 srv
drwxr-xr-x. 13 root root 0 2015-06-05 02:29 sys
drwxrwxrwt. 3 root root 4096 2015-06-05 03:28 tmp
drwxr-xr-x. 13 root root 4096 2015-05-08 05:04 usr
drwxr-xr-x. 22 root root 4096 2015-06-04 02:57 var
This folder is displayed in browser or ftp connection(ftp 192.168.1.10) but /var/www is not :(.
Also ls -l /var/www :
[root#daniel /]# ls -al /var/www
total 84
drwxrwxr-x+ 11 root root 4096 2015-06-04 05:32 .
drwxr-xr-x. 22 root root 4096 2015-06-04 02:57 ..
drwxrwxr-x+ 3 root root 4096 2015-05-22 06:09 site1.com
drwxrwxr-x+ 3 root root 4096 2015-05-22 05:30 site2.com
drwxrwxr-x+ 2 root root 4096 2015-06-02 05:59 cgi-bin
drwxrwxr-x+ 3 root root 4096 2015-05-20 05:55 error
drwxrwxr-x+ 2 root root 4096 2015-06-04 05:32 ftp
drwxrwxr-x+ 2 root root 4096 2015-05-22 03:55 html
drwxrwxr-x+ 3 root root 4096 2015-05-20 05:58 icons
drwxrwxr-x+ 3 root root 4096 2015-05-22 05:30 site3.com
drwxrwxr-x+ 2 root root 4096 2015-05-19 07:26 usage
And also selinux bools for ftp :
[root#daniel /]# getsebool -a | grep ftp
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
ftp_home_dir --> on
ftpd_connect_db --> off
ftpd_use_fusefs --> off
ftpd_use_passive_mode --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off
tftp_use_cifs --> off
tftp_use_nfs --> off
Sorry for this too long question, but I tried to expose all details you need to solve this problem.
Thanks in advance for your help!
Solution to your problem is:
setsebool -P allow_ftpd_full_access=1
In your vsFTPD conf file:
• chroot_local_user = YES
• allow_writeable_chroot=YES

Resources