Apache httpd cant write to /etc/sysconfig/network-scripts/ - linux

Im trying to use a script ,thats started by apache through the server, to change the ifcfg-eth0 file in network-scripts.
I have SELinux disabled so thats not the issue. Also I changed the whole /etc/ group and user to apache, yet it still did not work.
The script does work if I put the file in /var/www/cgi-bin.
I also get a permission denied error in the apache log file.

I can't bring myself to help you make Apache write to files in /etc/sysconfig/network-scripts/. But there is another option: create a symlink from /etc/sysconfig/network-scripts/ifcfg-eth0 to a file that Apache can write to, for example:
mv /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.bak
ln -s /var/www/cgi-bin/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0
This way, your (ahem, dangerous) CGI script can rewrite the file in /var/www/cgi-bin, and the system can get the network settings from it.

Related

apache2 on ubuntu webserver rejects permission to access any other file than the delivered index.html

I am trying to set up a webserver running on Ubuntu. I have installed Apache and changed the root directory to an other directory within /var/www/. When I copy the index.html provided by Apache to that directory, I can access that file via remote webbrowser. But if I want to use a different index.html file, even really basic ones, I get an error: "Forbidden You don't have permission to access this resource". I have also tried to download that html, alter just a few lines and put it back on to the server with the result that it also shows that error. If I rename the initially provided index.html to index2.html I can still access it. I do not understand how it is possible that only this exact file is working.
I have tried to grant more permissions with Directory and restarted Apache but it won't work. I am rather new to Linux and Apache, can only use the terminal on my webserver and I do not know what else to do. Please help.
Change the permissions on the file, too, not just the folder. Pretty sure this fix it.
For diagnostic correction, allow permission for all by typing:
sudo chmod -R 777 /path/to/index.html

Symlink to raspberry pi webroot breaks

I have my raspberry pi setup as an internal web server. I have an external hard drive connected to the pi and mounted correctly.
I then symlink two folders from the hard drive to the web root on the pi, one is /Movies, and the other is /Series.
Initially this all works fine, as in if I hit http://192.168.1.17/Movies I get a list of all the files, I then click one and it starts playing no problem. However, after leaving it for a while and coming back, I can still get to the file directory in /Movies or /Series, but when I click a file, the web browser cannot open it.
I have no idea what's going on, it seems weird that I can still access the file directory, but playing a file doesn't work?
Any thoughts or help appreciated.
Are you using an apache server?
If so Symlinking is not a good idea.
An alternative which is more secure and may fix your problem is to install Userdir
sudo a2enmod userdir
Then you need to make a directory in home
mkdir public_html
Restart Apache
sudo service apache2 restart
If you want to change the home directory apache points to you can do so in /etc/apache2/mods-enabled/userdir.conf .Then change the <Directory /home/*/public_html> to the directory you want.
To access you're server simply enter ip_of_Rpi/~pi_username. e.g 192.168.0.100/~pi
more details here: http://ubuntuserverguide.com/2012/10/how-to-enable-and-configure-apache2-userdir-module-in-ubuntu-server-12-04.html
If you are using Apache web server, you can use mod_alias to map some directory in a URL path like this
Alias /mnt/external_disk01/movies /Movies
Alias /mnt/external_disk02/series /Series
Before use alias, make sure it is activated.
To activate:
a2enmod alias
more info in http://httpd.apache.org/docs/2.2/mod/mod_alias.html

Setting path variable for apache user on Amazon EC2

I can't add /usr/local/bin to the apache users PATH variable. The user doesn't have a .profile, I can't su to the user, I can't export to the PATH from php using exec and adding
SetEnv PATH /usr/local/bin
To either the http.conf or the .htaccess file doesn't make a difference. I can't find the envvars file to change that but I suspect there's some other problem.
I have restarted apache, and indeed my server.
Ended up following what Alfe suggested in his answer, except rather than in the /etc/init.d/httpd file (which could be overwritten easily on update) I added to /etc/sysconfig/httpd:
export PATH=${PATH:+$PATH:}/usr/local/bin
Have a look at the /etc/passwd to see which login shell the apache user has (on EC2 Ubuntu instances it should be /bin/sh which is a link to /bin/dash). Then have a look at the man page of that shell and find out which configuration files are read upon login. (For /bin/dash that would be .login in the user's home directory.) In those you should be able to extend your $PATH as you like.
EDIT:
Since you seem to have no login shell for that user: Have a look at the /etc/init.d/* scripts which start the system services. Apache will be one of them. They are started as root and may change the current user (e. g. to the apache user). In there you might be able to adjust the PATH as you like it.
Patching those scripts, however, is not considered typical configuration. Updates might overwrite what ever you patch there.

php5-fpm can't open file for reading

I'm trying to get my php cgi processes to read from a file on my filesystem. Both the file and parent folder have all rwx permissions allowed and the file has the same owner and group id as the php processes, www-data.
No matter how I try to open the file (read(), file_get_contents(), stream_get_contents()) I always get the same error:
failed to open stream: Permission denied
I have no problem opening the file in the php interactive session, using cat on the command line, or with python.
What is going on?
I've seen this problem before on Linux systems with SELinux enabled. The httpd process is typically given its own security context that only allows certain files to be accessed.
You can check to see if SELinux is enabled by running ls --scontext on the file and on the php script. If the two files have the same context or if ls complains about the argument then SELinux is probably not the cause of the problem.
Assuming SELinux is the cause of problem then you could try setting the file in question to have the same security context as your php script with the chcon command. For example:
chcon --reference=/var/www/html/page.php /data/filetoread
where /var/www/html/page.php is your php script and /data/filetoread is the file that you want to access.
It turns out this file was under a FUSE filesystem which had not been mounted with the allow_other option.

WordPress can't install themes

I can't workout how to solve this problem so wordpress would let me upload themes.
I have a fresh copy of Fedora 17 installed on my dev machine.
I then installed mysql using: yum install mysql mysql-server. Next I installed WordPress which also installs apache and php: yum install wordpress
I can go to http://localhost/wordpress and see WordPress working. But when I try tried to install my theme it asked for ftp credentials. I then updated the wp-config.php file and set the FS_METHOD constant to direct. Now it doesn't ask for ftp credentials but it gives me this error:
Could not create directory. /usr/share/wordpress/wp-content/themes/my-theme-name/
httpd service is running under 'apache' user and 'apache' group. The /usr/share/wordpress/ directory is recursively own by 'apache' user and 'apache' group too. I've even set the permissions to 777 (also recursively) and even then I keep getting the same error as above.
How can I solve this problem?
Fedoras SELinux configuration is most probably blocking the attempts of the webserver to write to the disk. To change the settings for your wordpress folder you can run this command (as root):
chcon -R -t httpd_sys_content_rw_t /usr/share/wordpress/wp-content
No need to do chmod 777 to the whole folder, this is a huge security risk. Of course this is for direct filesystem access, you have to disable the ftp access. For ftp access you will have to look up the right SELinux context.
You got the check these lines in your Wp-config.php (aproximatively line 105) :
define('FTP_USER', 'usr');
define('FTP_PASS', 'P#ssw0rd');
define('FTP_HOST', 'url');
You process of web server is running on apache but Wordpress will use the account define in the wp-config.php . So you got to set the group of your user to get access to these files.
Setting permissions 777 is not a solution, you got to care about it.

Resources