Re: [CODE4LIB] calling another webpage within CGI script - solved!
An interesting topic ... heading out to cast vote now.

In our environment, about 6 years ago we informally identified the gap (grey area, war, however it is described) between server / network managers and developers / Librarians as an obstacle to our end goals and have put considerable effort into closing it. The key efforts being communication (more planning, meetings, informal sessions), collaboration (no-one is working in a vacuum), and the willingness to expand/stretch job descriptions (programmers sometimes participate in hardware / OS work and sysadmins will attend interface / application planning meetings). Supportive management helps.

The end result is that sysadmins try as hard as possible to fully understand what an application is doing/requires on "their" hardware/networks, and programmers almost never run any applications that sysadmins don't know about.

So, SELinux has never been a problem because we know what a server needs to do before it ends up in a developer's hands and developers know not to pound their heads against the desk for a day before talking to sysadmins about something that doesn't work. Well, for the most part, anyway ;-)

-Graham

Ross Singer wrote:
> On Tue, Nov 24, 2009 at 11:18 AM, Graham Stewart wrote:
>> We run many Library / web / database applications on RedHat servers with
>> SELinux enabled. Sometimes it takes a bit of investigation and horsing
>> around but I haven't yet found a situation where it had to be disabled.
>> setsebool and chcon can solve most problems and SELinux is an excellent
>> enhancement to standard filesystem and ACL security.
>
> Agreed that SELinux is useful but it is a tee-otal pain in the keister if you're ignorantly working against it because you didn't actually know it was there.
>
> It's sort of the perfect embodiment between the disconnect between the developer and the sysadmin.
>
> And, if this sort of tension interests you, vote for Bess Sadler's presentation at Code4lib 2010: "Vampires vs. Werewolves: Ending the War Between Developers and Sysadmins with Puppet" and anything else that interests you.
>
> http://vote.code4lib.org/election/index/13
>
> -Ross "Bringin' it on home" Singer.

--
Graham Stewart
Network and Storage Services Manager, Information Technology Services
University of Toronto Library
130 St. George Street
Toronto, Ontario
Canada M5S 1A5
graham.stew...@utoronto.ca
Phone: 416-978-6337 | Mobile: 416-550-2806 | Fax: 416-978-1668

Re: [CODE4LIB] calling another webpage within CGI script - solved!
On Tue, Nov 24, 2009 at 11:18 AM, Graham Stewart wrote:
> We run many Library / web / database applications on RedHat servers with
> SELinux enabled. Sometimes it takes a bit of investigation and horsing
> around but I haven't yet found a situation where it had to be disabled.
> setsebool and chcon can solve most problems and SELinux is an excellent
> enhancement to standard filesystem and ACL security.

Agreed that SELinux is useful but it is a tee-otal pain in the keister if you're ignorantly working against it because you didn't actually know it was there.

It's sort of the perfect embodiment between the disconnect between the developer and the sysadmin.

And, if this sort of tension interests you, vote for Bess Sadler's presentation at Code4lib 2010: "Vampires vs. Werewolves: Ending the War Between Developers and Sysadmins with Puppet" and anything else that interests you.

http://vote.code4lib.org/election/index/13

-Ross "Bringin' it on home" Singer.

Re: [CODE4LIB] calling another webpage within CGI script - solved!
Hi,

We run many Library / web / database applications on RedHat servers with SELinux enabled. Sometimes it takes a bit of investigation and horsing around but I haven't yet found a situation where it had to be disabled. setsebool and chcon can solve most problems and SELinux is an excellent enhancement to standard filesystem and ACL security.

-Graham

--
Graham Stewart
Network and Storage Services Manager, Information Technology Services
University of Toronto Library
130 St. George Street
Toronto, Ontario
Canada M5S 1A5
graham.stew...@utoronto.ca
Phone: 416-978-6337 | Mobile: 416-550-2806 | Fax: 416-978-1668

Ken Irwin wrote:
> Hi all,
>
> Thanks for your extensive suggestions and comments. A few folks suggested that SELinux might be the issue. Tobin's suggestion to change one of the settings proved effective: "# setsebool -P httpd_can_network_connect 1".
>
> Thanks to everyone who helped -- I learned a lot.
>
> Joys
> Ken
>
> -Original Message-
> From: Code for Libraries [mailto:code4...@listserv.nd.edu] On Behalf Of Greg McClellan
> Sent: Tuesday, November 24, 2009 10:04 AM
> To: CODE4LIB@LISTSERV.ND.EDU
> Subject: Re: [CODE4LIB] calling another webpage within CGI script
>
> Hi,
>
> I had a similar problem a while back which was solved by disabling SELinux.
>
> http://www.crypt.gen.nz/selinux/disable_selinux.html
>
> -Greg
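
An added example, not part of any poster's message: a small triage script that reads AVC denials from audit records and points at the narrow fix the thread settled on (`setsebool` for an httpd network connect, `chcon` for a file label) instead of disabling SELinux. The audit lines are constructed sample data, the function names are hypothetical, and treating every httpd file denial as a relabeling candidate is a simplifying assumption.

```shell
#!/bin/sh
# Constructed audit.log records for illustration (not taken from the thread).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1259078400.101:501): avc:  denied  { name_connect } for  pid=2301 comm="perl" dest=80 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1259078401.250:502): avc:  denied  { read } for  pid=2302 comm="httpd" name="index.html" dev=dm-0 ino=4242 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1259078402.007:503): avc:  denied  { name_connect } for  pid=2303 comm="httpd" dest=8080 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1259078402.007:503): arch=c000003e syscall=42 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1259078403.900:504): avc:  denied  { name_connect } for  pid=2400 comm="sendmail" dest=25 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:smtp_port_t:s0 tclass=tcp_socket
EOF
}

# Read audit records on stdin and print one triage line per AVC denial.
# The first word names the tool to look at: setsebool, chcon, or other.
triage_avc() {
  awk '
    /^type=AVC / && / denied / {
      perms = " "; inset = 0; tclass = ""; stype = ""; ttype = ""; dest = "-"; comm = "-"
      for (i = 1; i <= NF; i++) {
        if ($i == "{") inset = 1                       # start of permission set
        else if ($i == "}") inset = 0                  # end of permission set
        else if (inset) perms = perms $i " "
        else if ($i ~ /^tclass=/) tclass = substr($i, 8)
        else if ($i ~ /^dest=/) dest = substr($i, 6)
        else if ($i ~ /^comm=/) { comm = substr($i, 6); gsub(/"/, "", comm) }
        else if ($i ~ /^scontext=/) { split(substr($i, 10), s, ":"); stype = s[3] }
        else if ($i ~ /^tcontext=/) { split(substr($i, 10), t, ":"); ttype = t[3] }
      }
      # Only the web server and its CGI domain are covered by the httpd boolean.
      httpd = (stype == "httpd_t" || stype == "httpd_sys_script_t")
      if (httpd && tclass == "tcp_socket" && perms ~ / name_connect /)
        print "setsebool httpd_can_network_connect comm=" comm " dest=" dest
      else if (httpd && (tclass == "file" || tclass == "dir"))
        print "chcon comm=" comm " target_type=" ttype  # assumed label mismatch
      else
        print "other source_type=" stype " class=" tclass
    }'
}

sample_audit_log | triage_avc
```

On a real host the same function can be fed from the audit log, for example `triage_avc < /var/log/audit/audit.log`, run as a user allowed to read that file.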