Apache 1.3 + Nagios CGI = failure
Lukasz Szmit
lukasz.szmit at ucd.ie
Fri Nov 4 18:00:56 CET 2005
On Fri, 2005-11-04 at 15:13 +0000, Lukasz Szmit wrote:
> On Fri, 2005-11-04 at 15:32 +0100, Andreas Ericsson wrote:
> > Oh. And here I was thinking you'd checked that the webuser has regular
> > unix access to execute the cgi-files. Apparently you didn't, although
> > the log shouts it out loud and clear.
> >
> > Hint: The permission denied can be from any of the directories above
> > where the files are stored. The apache user needs +x on every directory
> > along the way.
>
> Well, all relevant directories under /usr have a+x, and that is enough
> for Apache to get to /usr/nagios/sbin and execute the files.
>
> I may have found the source of my problem.
> The GRSecurity kernel patch option "Trusted Path Execution" seems to be
> blocking Apache from executing the CGIs. I'm just recompiling the kernel
> with TPE disabled and will check if that helps. I'll share with the
> group once I have some results.

OK, GRSecurity was the root cause.

While using that patch, make sure that either of these is done:
- make sure that CONFIG_GRKERNSEC_TPE is not set in the kernel .config file
- enable CONFIG_GRKERNSEC_TPE AND make sure you have a respective policy
  set up and enabled (see gradm documentation).

regards,
--
Lukasz Szmit | University College Dublin
Computing Services | +353-1-716-2651
http://www.ucd.ie/computing/aboutus.html
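
A diagnostic sketch for the two causes discussed in this thread, added as an example and not part of the original messages: it lists directories above a CGI file that lack the search (execute) bit for "other", and reports whether a kernel .config sets CONFIG_GRKERNSEC_TPE. The function names, the script's usage line and the assumption that the web server user falls under "other" permissions are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original thread.

# Print each directory above the file $1 that lacks the "other" execute
# (search) bit. Assumption: the web server user is neither the owner nor
# a group member of these directories, so the "other" bits apply.
dirs_missing_search_bit() {
    dir=$(dirname -- "$1")
    while :; do
        # Character 10 of the ls mode string is the "other" execute slot.
        bit=$(ls -ld -- "$dir" | cut -c10)
        case "$bit" in
            x|t) ;;                        # set (t = sticky bit plus x)
            *) printf '%s\n' "$dir" ;;     # missing: traversal is denied
        esac
        # Stop at the filesystem root, or at "." for a relative path.
        if [ "$dir" = "/" ] || [ "$dir" = "." ]; then break; fi
        dir=$(dirname -- "$dir")
    done
}

# Return 0 if the kernel config file $1 enables Trusted Path Execution.
# An unset option appears as "# CONFIG_GRKERNSEC_TPE is not set".
tpe_enabled() {
    grep -q '^CONFIG_GRKERNSEC_TPE=y' "$1"
}

# Usage: sh check_cgi_exec.sh /usr/nagios/sbin/status.cgi [kernel .config]
if [ "$#" -ge 1 ]; then
    dirs_missing_search_bit "$1" | sed 's/^/missing o+x: /'
    if [ -n "${2:-}" ] && tpe_enabled "$2"; then
        echo "CONFIG_GRKERNSEC_TPE=y in $2: check the gradm policy"
    fi
fi
```

If no directory is reported but the config shows TPE enabled, the permission denied in the web server log can come from the kernel rather than from file modes, which is the case described in this thread.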