Staging for a rollout of EL 6, and ran into a very strange permissions issue 
with xinetd that defies all (my) logic. 

It's a script called "spfiled" that we use for messaging between our server 
cluster servers. I'm trying to get it to run with "least permissions 
necessary". Because it reads/writes files in conjunction with a web-based 
service, it runs as user "apache". 

Here's my xinet.d/spfiled.conf: (this is in dev, each developer has his own 
#################### spfiled.conf ################## 
service spfiled461
{
        socket_type     = stream
        wait            = no
        user            = apache
        group           = apache
        server          = /path/to/filed.php
        protocol        = tcp
        disable         = no
        bind            =
        port            = 12461
        banner_fail     = /path/to/banner_fail.txt
        cps             = 10000 0
        max_load        = 10.0
}
#################### spfiled.conf ################## 

Here's the permissions of the script: 
# ls -laFd /path/to/filed.php
-rwxr-xr-- 1 bens apache 18042 Jan  7  2011 filed.php

When I restart xinetd, I see in system log: 
#################### /var/log/messages ################## 
Jul 18 16:32:25 bender xinetd[17830]: Server /path/to/filed.php is not executable [file=/etc/xinetd.d/spfiled461] [line=11]
Jul 18 16:32:25 bender xinetd[17830]: Error parsing attribute server - DISABLING SERVICE [file=/etc/xinetd.d/spfiled461] [line=11]

I've turned off SELinux completely. 
# setenforce 0; 

Strangely, if I set permissions to o+x it starts up fine, but I don't want 
to leave permissions that open. 

What am I missing? 
