[CentOS] File access in Apache 2.4 (clarification)
Jonathan Billings
billings at negate.org
Tue Nov 21 17:24:16 UTC 2017
On Nov 21, 2017, at 11:42, david <david at daku.org> wrote:
>
> Folks
>
> I'm having file-access problems in Apache 2.4 under Centos 7. In particular:
>
> - I have a file that's readable to every user and every application, (writeable by only one user), but my CGI scripts cannot read it.
>
> - Some of my CGI scripts need temporary storage for some files. They are, for example, some internal log files, that get cleaned up over time, but I want to be able to look at them (as root). Where would you suggest they be placed? I've tried /tmp/my_private_files/, and /var/tmp/my_private_files/, but Apache fails to find even the directory.
>
> Here's some extra information
> SELINUX is disabled.
>
> I modified my CGI script to report where in the path to /tmp/my_private_files/temp_log.log the process failed. The Perl code I ran is:
>
>
> my $x = "";
> print STDERR "Trying to read /tmp/ramdisk/keys.txt\n";
> for (split /\//, "/tmp/ramdisk/keys.txt") {
> next unless $_;
> $x .= "/$_";
> print STDERR "Test $x, " , (-e $x?"exists":"does not exist"), "\n";
> }
>
> And the output in the http error log for this virtual user, (timestamp and other error log data stripped) was:
>
> AH01215: Trying to read /tmp/ramdisk/keys.txt
> AH01215: Test /tmp, exists
> AH01215: Test /tmp/ramdisk, does not exist
> AH01215: Test /tmp/ramdisk/keys.txt, does not exist
>
> Using the "dir -l" command as root, I discover:
>
> dir -l / | grep tmp
> drwxrwxrwt. 16 root root 4096 Nov 21 08:35 tmp
>
> dir -l /tmp | grep ramdisk
> drwxrwxrwt 2 root root 140 Nov 21 08:35 ramdisk
>
> dir -l /tmp/ramdisk | grep keys.txt
> -rw-r--r-- 1 user1 user1 11829 Nov 21 08:29 keys.txt
>
>
> Any suggestions?
>
The httpd.service unit in c7 has:
PrivateTmp=true
Which means that Apache has its own private /tmp namespace. So it’s probably working, just not where you expect.
Don’t use /tmp in CGIs.
(And don’t disable selinux, particularly for web apps)
--
Jonathan Billings
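
Added example, not part of the original thread or of any CentOS or systemd tooling: a shell sketch of how an administrator can confirm the PrivateTmp setting described above and work out where a file the CGI sees under /tmp lives on the host. It assumes systemd's usual layout, `<tmp>/systemd-private-<boot-id>-<unit>-<random>/tmp`; the function names and the third (root override) parameter are hypothetical.

```shell
#!/bin/sh
# Added example. Assumed layout of a unit's private tmp on the host:
#   /tmp/systemd-private-<boot-id>-<unit>-<random>/tmp   (same under /var/tmp)

# Print "true" or "false" for the last PrivateTmp= assignment in the
# [Service] section of the unit file given as $1.
unit_private_tmp() {
    awk '
        /^\[/ { in_service = ($0 == "[Service]"); next }
        in_service && /^PrivateTmp[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            val = tolower($0)
        }
        END {
            # systemd accepts 1/yes/true/on as boolean true
            if (val == "true" || val == "yes" || val == "on" || val == "1")
                print "true"
            else
                print "false"
        }' "$1"
}

# Map a path as the service sees it ($2) to the host-side path for unit $1.
# $3 is an optional host root prefix, used only to test against a
# constructed directory tree.
host_path_for() {
    unit=$1 path=$2 root=${3:-}
    case $path in
        /var/tmp|/var/tmp/*) base=/var/tmp ;;
        /tmp|/tmp/*)         base=/tmp ;;
        *) printf '%s\n' "$path"; return 0 ;;  # PrivateTmp does not remap it
    esac
    rest=${path#"$base"}
    for d in "$root$base"/systemd-private-*-"$unit"-*/tmp; do
        [ -d "$d" ] || continue                # glob matched nothing
        printf '%s\n' "$d$rest"
        return 0
    done
    return 1                                   # unit stopped or no private tmp
}

# Typical use, as root on the host:
#   unit_private_tmp /usr/lib/systemd/system/httpd.service
#   host_path_for httpd.service /tmp/my_private_files/temp_log.log
```

On a live host, `systemctl show -p PrivateTmp httpd.service` reports the effective setting, including any drop-in overrides that a single unit file would not show.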