CentOS 7 httpd cgi script file not able to write to /tmp - Discuss - lists.centos.org

List overview All Threads
Download

CentOS 7 httpd cgi script file not able to write to /tmp

SSSD cache case-sensitivity

CentOS-announce Digest, Vol 143,...

Jerry Geis

20 Jan 2017 20 Jan '17

2:29 p.m.

Hi all,

I have a script running in httpd. The script runs fine. However I want to "echo" some debug information into a file. The file is never created.

Is there some security thing that has to be enable/disabled to allow a script in httpd to write to a file?

Thanks,

Jerry

Reply

Show replies by date

Leroy Tennison

20 Jan 20 Jan

3:28 p.m.

Just a speculation but /tmp is usually world-writable which leads me to suspect SELinux (or AppArmor with other distros.)

----- Original Message ----- From: "Jerry Geis" jerry.geis@gmail.com To: "CentOS mailing list" centos@centos.org Sent: Friday, January 20, 2017 7:29:02 AM Subject: [CentOS] CentOS 7 httpd cgi script file not able to write to /tmp

Hi all,

I have a script running in httpd. The script runs fine. However I want to "echo" some debug information into a file. The file is never created.

Is there some security thing that has to be enable/disabled to allow a script in httpd to write to a file?

Thanks,

Jerry _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos

Reply

Jerry Geis

3:54 p.m.

New subject: CentOS 7 httpd cgi script file not able to write to /tmp

Hi - Thanks for the reply.

I actually have selinux disabled on this box.

Jerry

Reply

Jerry Geis

4:19 p.m.

New subject: CentOS 7 httpd cgi script file not able to write to /tmp

Fun fact... If I echo my data to the same directory as the script is located in it works. But it does not allow writing to /tmp

I'm good with that.

Thanks,

Jerry

On Fri, Jan 20, 2017 at 9:54 AM, Jerry Geis jerry.geis@gmail.com wrote:

Hi - Thanks for the reply.

I actually have selinux disabled on this box.

Jerry

Reply

David Both

4:34 p.m.

New subject: CentOS 7 httpd cgi script file not able to write to /tmp

The behavior you describe should be normal for any web server, as it is for Apache, which is what I use. It is a security feature that prevents malicious attacks on a web server from writing malware anywhere else in the filesystem and possibly gaining elevated privileges.

On 01/20/2017 10:19 AM, Jerry Geis wrote:

Fun fact... If I echo my data to the same directory as the script is located in it works. But it does not allow writing to /tmp

I'm good with that.

Thanks,

Jerry

On Fri, Jan 20, 2017 at 9:54 AM, Jerry Geis jerry.geis@gmail.com wrote:

...
Hi - Thanks for the reply.

I actually have selinux disabled on this box.

Jerry

CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos

-- ********************************************************* David P. Both, RHCE Millennium Technology Consulting LLC Raleigh, NC, USA 919-389-8678 dboth@millennium-technology.com www.millennium-technology.com www.databook.bz - Home of the DataBook for Linux DataBook is a Registered Trademark of David Both ********************************************************* This communication may be unlawfully collected and stored by the National Security Agency (NSA) in secret. The parties to this email do not consent to the retrieving or storing of this communication and any related metadata, as well as printing, copying, re-transmitting, disseminating, or otherwise using it. If you believe you have received this communication in error, please delete it immediately.

Reply

Gary Stainburn

4:36 p.m.

New subject: CentOS 7 httpd cgi script file not able to write to /tmp

Something (possibly systemd) creates per user / per process (?) /tmp directories.

These are actually held in /tmp/systemd-private-*

Gary

On Friday 20 January 2017 15:19:52 Jerry Geis wrote:

Fun fact... If I echo my data to the same directory as the script is located in it works. But it does not allow writing to /tmp

I'm good with that.

Thanks,

Jerry

On Fri, Jan 20, 2017 at 9:54 AM, Jerry Geis jerry.geis@gmail.com wrote:

...
Hi - Thanks for the reply.

I actually have selinux disabled on this box.

Jerry

CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos

Reply

2922

Age (days ago)

2922

Last active (days ago)

discuss@lists.centos.org

5 comments

4 participants

tags (0)

participants (4)

David Both
Gary Stainburn
Jerry Geis
Leroy Tennison