On Sun, Jun 28, 2015 at 05:44:11PM -0400, dan moylan wrote:
> 1st: in my code:
> $fll = "/home/moylan/www/cgi-bin/stuff/moyts6.log";
> $fhl = new FileHandle ();
> $fhl->open ($fll, "w") or die "couldn't open $fll";
> $fhl->printf ("# MOYTS6\n\n");
>
> it was apache trying to write to stuff with permissions
> 755 owned by moylan.moylan. i added moylan to apache groups
> and set stuff permissions to 775 and that got fixed.
>
> 2nd: selinux permissive mode was required.
>
> when those two things were done the script worked just fine.
>
> now, do you have any suggestions as to how i might adjust
> selinux for my particular problem without putting it in the
> permissive mode?
Is there a special reason why the cgi directory is writable
by the web server? It's a more usual practice to place log files in
a separate directory from code and make sure that the code directory
is NOT writable by the web server.
One of the benefits of a separate logging directory is that this problem goes
away
and your system is more secure.
_______________________________________________
Boston-pm mailing list
[email protected]
http://mail.pm.org/mailman/listinfo/boston-pm
