Consultor Eletrônico



Kbase P107092: Cannot run WebSpeed cgiip messenger on RedHat Linux 4 when "passive mode" is enabled by default
Author   Progress Software Corporation - Progress
Access   Public
Published   03/09/2008
Status: Verified

SYMPTOM(s):

Cannot run WebSpeed cgiip messenger

cgiip:Permission denied on RedHat 4.0

Errors running cgiip messenger

Error shows on the browser:

Unable to load enhlog dynamic library, error <errno> (11077)

Errors in web server log file

path_to_wspd_cgi.sh: line number: path_to_DLC/bin/cgiip:Permission denied
[Time stamp] [error] [client IP] Premature end of script headers: wspd_cgi.sh

Permissions for cgiip are set correctly

The wspd_cgi.sh script has not been changed in any way

Apache Web Server

FACT(s) (Environment):

RedHat Enterprise Linux 4.0

CAUSE:

RedHat Linux 4 comes with SELinux "enforcement mode" turned on by default. In this mode, any attempt to run a script outside of Linux's cgi-bin directory fails, as do port connections to another machine. wspd_cgi.sh sets the DLC environment variable and then attempts to run cgiip from the $DLC/bin location, which "enforcement mode" does not allow.

FIX:

As a temporary measure, switch from "enforcement mode" to "passive mode", which allows scripts to run outside of the cgi-bin directory:
echo "0" >/selinux/enforce
This switches the machine into permissive mode at runtime. It is not a permanent fix: if the machine is rebooted, the fix needs to be reapplied.


To set SELinux passive mode on boot:

** CAUTION: not fully tested on a production environment. **

OPTION 1.

As root, edit the configuration file:
vi /etc/selinux/config
Add or change the setting for SELINUX to disabled:
SELINUX=disabled

OPTION 2.

cat >> /etc/rc.d/selinux-permsv << EOF
#!/bin/sh
echo 0 > /selinux/enforce
EOF
chmod ugo+x /etc/rc.d/selinux-permsv
rc-update add default selinux-permsv
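
To check which of the changes above is in effect, the following added example (not part of the original Progress article) reads the runtime flag in /selinux/enforce and the SELINUX= setting in /etc/selinux/config and reports whether the current mode will survive a reboot. The function names are illustrative, and treating a missing enforce file as "disabled" is an assumption.

```shell
#!/bin/sh
# Added example (not from the KB article): compare the SELinux mode in effect
# now with the mode configured for the next boot.
# Paths default to the ones the article uses; both can be overridden.

# Print the runtime mode from the enforce file: 1 = enforcing, 0 = permissive.
runtime_mode() {
    enforce_file=${1:-/selinux/enforce}
    if [ ! -r "$enforce_file" ]; then
        echo disabled   # assumption: no enforce file means SELinux is not loaded
        return 0
    fi
    case "$(tr -d ' \n' < "$enforce_file")" in
        1) echo enforcing ;;
        0) echo permissive ;;
        *) echo unknown ;;
    esac
}

# Print the boot-time mode: the last uncommented SELINUX= line in the config.
# SELINUXTYPE= and commented-out lines are deliberately not matched.
boot_mode() {
    config_file=${1:-/etc/selinux/config}
    [ -r "$config_file" ] || { echo unknown; return 0; }
    mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*/\1/p' \
        "$config_file" | tail -n 1)
    echo "${mode:-unknown}"
}

# Summarise whether the current state survives a reboot.
selinux_summary() {
    now=$(runtime_mode "$1")
    boot=$(boot_mode "$2")
    if [ "$now" = "$boot" ]; then
        echo "persistent: $now"
    else
        echo "temporary: $now now, $boot after reboot"
    fi
}

selinux_summary "$@"
```

A "temporary" result after the echo workaround means the machine returns to the configured mode at the next reboot, and cgiip will fail again if that mode is enforcing.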