On Nov 21, 2017, at 11:42, david <david at daku.org> wrote:
>
> Folks
>
> I'm having file-access problems in Apache 2.4 under Centos 7. In particular:
>
> - I have a file that's readable to every user and every application, (writeable by only one user), but my CGI scripts cannot read it.
>
> - Some of my CGI scripts need temporary storage for some files. They are, for example, some internal log files, that get cleaned up over time, but I want to be able to look at them (as root). Where would you suggest they be placed? I've tried /tmp/my_private_files/, and /var/tmp/my_private_files/, but Apache fails to find even the directory.
>
> Here's some extra information
> SELINUX is disabled.
>
> I modified my CGI script to report where in the path to /tmp/my_private_files/temp_log.log the process failed. The Perl code I ran is:
>
>
> my $x = "";
> print STDERR "Trying to read /tmp/ramdisk/keys.txt\n";
> for (split /\//, "/tmp/ramdisk/keys.txt") {
>     next unless $_;
>     $x .= "/$_";
>     print STDERR "Test $x, " , (-e $x?"exists":"does not exist"), "\n";
> }
>
> And the output in the http error log for this virtual user, (timestamp and other error log data stripped) was:
>
> AH01215: Trying to read /tmp/ramdisk/keys.txt
> AH01215: Test /tmp, exists
> AH01215: Test /tmp/ramdisk, does not exist
> AH01215: Test /tmp/ramdisk/keys.txt, does not exist
>
> Using the "dir -l" command as root, I discover:
>
> dir -l / | grep tmp
> drwxrwxrwt. 16 root root 4096 Nov 21 08:35 tmp
>
> dir -l /tmp | grep ramdisk
> drwxrwxrwt 2 root root 140 Nov 21 08:35 ramdisk
>
> dir -l /tmp/ramdisk | grep keys.txt
> -rw-r--r-- 1 user1 user1 11829 Nov 21 08:29 keys.txt
>
>
> Any suggestions?
>

The httpd.service unit in c7 has:

PrivateTmp=true

Which means that Apache has its own private /tmp namespace. So it’s probably working, just not where you expect. Don’t use /tmp in CGIs.

(And don’t disable selinux, particularly for web apps)

--
Jonathan Billings
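
The PrivateTmp behaviour described in the reply above, as an added example that is not part of the original thread: a shell sketch that reads the effective PrivateTmp= setting from a unit file and maps a path the service sees under /tmp or /var/tmp to where root finds it on the host. The function names, the ROOT prefix argument and the sample tree are assumptions constructed for illustration; the systemd-private-<boot id>-<unit>-<suffix>/tmp directory layout is systemd's own.

```shell
#!/bin/sh
# Added example, not from the thread. The sample tree in demo() is constructed.

# unit_private_tmp FILE...: print yes/no for the effective PrivateTmp= in
# [Service]. Pass the unit file first, then drop-ins (last assignment wins).
unit_private_tmp() {
  awk '
    FNR == 1 { in_service = 0 }
    /^\[/    { in_service = ($0 == "[Service]"); next }
    in_service && /^[ \t]*PrivateTmp[ \t]*=/ {
      sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); val = tolower($0)
    }
    END { if (val ~ /^(1|y|yes|t|true|on)$/) print "yes"; else print "no" }
  ' "$@"
}

# host_view_of ROOT UNIT PATH: print where PATH, as seen by a PrivateTmp
# service, lives on the host. ROOT is a hypothetical prefix so the function
# can run against a constructed tree; use "" for the real filesystem.
host_view_of() (
  root=$1 unit=$2 path=$3
  case $path in
    /var/tmp|/var/tmp/*) base=$root/var/tmp; rest=${path#/var/tmp} ;;
    /tmp|/tmp/*)         base=$root/tmp;     rest=${path#/tmp} ;;
    *) printf '%s\n' "$root$path"; exit 0 ;;   # not affected by PrivateTmp
  esac
  # One private directory exists per running unit instance.
  for d in "$base"/systemd-private-*-"$unit"-*/tmp; do
    if [ -d "$d" ]; then printf '%s\n' "$d$rest"; fi
  done
)

demo() (
  root=$(mktemp -d) || exit 1
  mkdir -p "$root/tmp/systemd-private-0123abcd-httpd.service-Xy12Zq/tmp"
  printf '[Unit]\nDescription=constructed sample\n[Service]\nPrivateTmp=true\n' \
    > "$root/httpd.service"
  echo "PrivateTmp effective: $(unit_private_tmp "$root/httpd.service")"
  host_view_of "$root" httpd.service /tmp/ramdisk/keys.txt
  rm -rf "$root"
)
demo
```

On a live host, run it as root with "" as ROOT, because the systemd-private-* directories are readable by root only.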