On Nov 21, 2017, at 11:42, david david@daku.org wrote:
Folks
I'm having file-access problems in Apache 2.4 under CentOS 7. In particular:
I have a file that's readable to every user and every application, (writeable by only one user), but my CGI scripts cannot read it.
Some of my CGI scripts need temporary storage for some files. They are, for example, some internal log files, that get cleaned up over time, but I want to be able to look at them (as root). Where would you suggest they be placed? I've tried /tmp/my_private_files/, and /var/tmp/my_private_files/, but Apache fails to find even the directory.
Here's some extra information: SELINUX is disabled.
I modified my CGI script to report where in the path to /tmp/my_private_files/temp_log.log the process failed. The Perl code I ran is:
    my $x = "";
    print STDERR "Trying to read /tmp/ramdisk/keys.txt\n";
    # Walk the path one component at a time and report whether each prefix exists
    for (split /\//, "/tmp/ramdisk/keys.txt") {
        next unless $_;
        $x .= "/$_";
        print STDERR "Test $x, ", (-e $x ? "exists" : "does not exist"), "\n";
    }
And the output in the http error log for this virtual user, (timestamp and other error log data stripped) was:
    AH01215: Trying to read /tmp/ramdisk/keys.txt
    AH01215: Test /tmp, exists
    AH01215: Test /tmp/ramdisk, does not exist
    AH01215: Test /tmp/ramdisk/keys.txt, does not exist
Using the "dir -l" command as root, I discover:
    dir -l / | grep tmp
    drwxrwxrwt. 16 root root 4096 Nov 21 08:35 tmp
    dir -l /tmp | grep ramdisk
    drwxrwxrwt 2 root root 140 Nov 21 08:35 ramdisk
    dir -l /tmp/ramdisk | grep keys.txt
    -rw-r--r-- 1 user1 user1 11829 Nov 21 08:29 keys.txt
Any suggestions?
The httpd.service unit in c7 has: PrivateTmp=true
Which means that Apache has its own private /tmp namespace. So it’s probably working, just not where you expect.
Don’t use /tmp in CGIs.
(And don’t disable selinux, particularly for web apps)
-- Jonathan Billings
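
The PrivateTmp behaviour described in the reply can be checked with the sketch below, an added example that is not part of the thread. The function names `unit_private_tmp` and `host_path_for` are hypothetical, and the script assumes a POSIX shell with awk; it reads the setting from unit files and maps a path the service sees under /tmp to the systemd-private-* directory where root sees it on the host.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.
# On a live host, `systemctl show -p PrivateTmp httpd.service` reports the
# effective value; these helpers work on files so they can be tried offline.

# Print yes/no for PrivateTmp= across a unit file and its drop-ins.
# Arguments: the unit file, then drop-ins in the order systemd applies them.
# The last assignment wins; a missing or empty assignment means the default (no).
unit_private_tmp() {
    awk -F= '
        /^[ \t]*PrivateTmp[ \t]*=/ {
            v = $2; gsub(/[ \t\r]/, "", v); val = tolower(v)
        }
        END {
            if (val ~ /^(1|yes|true|on)$/) print "yes"
            else if (val == "" || val ~ /^(0|no|false|off)$/) print "no"
            else print val   # any other value is passed through unchanged
        }
    ' "$@"
}

# Translate a path as the service sees it into the path root sees on the host.
# $1 = unit name, $2 = path inside the service, $3 = host root prefix
# (empty on a real system; a scratch directory when experimenting).
# systemd names the backing directory
#   /tmp/systemd-private-<boot id>-<unit>-<random>/tmp
host_path_for() {
    unit=$1; seen=$2; root=${3:-}
    case $seen in
        /tmp|/tmp/*) ;;                           # inside the private /tmp
        *) printf '%s\n' "$root$seen"; return 0 ;; # not redirected here
    esac
    for d in "$root"/tmp/systemd-private-*-"$unit"-*/tmp; do
        [ -d "$d" ] || continue                   # unmatched glob stays literal
        printf '%s\n' "$d${seen#/tmp}"
        return 0
    done
    return 1   # no private /tmp found for this unit (not running, or disabled)
}
```

A non-zero return from `host_path_for` means no private directory exists for that unit, which is the case when the service is stopped or PrivateTmp is off.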