Move to Centos 7: Can't open perl script Permission Denied

Beaker has asked for the wisdom of the Perl Monks concerning the following question:

I'm provisioning a new server to move my site, currently I'm trying to get my test site working there.

The old server was Centos 6 and the new one is the latest Centos 7

The file system has been copied over with the same permissions. The same users and ownership are set up.

Apache is set up the same as far as I can match them.

At first I was getting an error: Permission denied: exec of...

I realised this was likely SELinux, which wasn't on the old server, and got rid of this error by setting the context on my cgi-bin to httpd_sys_script_exec_t

However, the new error is: " Can't open perl script.. permission denied"

I get the same error on a basic helloworld.pl

I have played around with the chmod to no avail.

httpd.conf has:

AddHandler cgi-script .cgi .pl

Also:

Options ExecCGI

on the virtual host, I have also tried running the helloworld.pl script in the default /var/www/cgi-bin folder

Edit: I think I've fixed this now

Comment on Move to Centos 7: Can't open perl script Permission Denied Select or Download Code

Replies are listed 'Best First'.
Re: Move to Centos 7: Can't open perl script Permission Denied by Corion (Patriarch) on Feb 07, 2018 at 12:28 UTC
If Apache (or whoever) tells you that they can't open a script because they get permission denied, a first look would be at the permissions of all files involved and at the user(s) that the scripts are being executed as: Determine user (and uid) of the user trying to run the script. Most likely this will either be the `httpd` user or the user your web server is configured to run CGI scripts as. Permissions of the script and all directories above the script. The directories should ideally all have `r`ead and e`x`ecute permissions. Permissions of the interpreter named on the first line of the script. The script must start with `#!/usr/bin/perl -w` or something like that. Check that the interpreter used exists and that the permissions on the interpreter executable and the containing directories also match the CGI users set. As you don't show any code or configuration, it's hard to give more concrete advice. Maybe the error log files of your webserver tell you some more details.	[reply] [d/l] [select]
Re^2: Move to Centos 7: Can't open perl script Permission Denied by Beaker (Beadle) on Feb 07, 2018 at 12:35 UTC
Thank you, I'm working through things and may have fixed it, will report back	[reply]
Re^3: Move to Centos 7: Can't open perl script Permission Denied by Beaker (Beadle) on Feb 07, 2018 at 18:11 UTC
Turns out this is a SELinux problem, I turned it off ("permissive" instead of "enforcing") and it works. So now I just need to figure all that out :/ Update: OK so what seems to have done the trick is changing the context role on my website folder in /var/www to system_u (instead of unconfined_u) This is along with other changes i.e. setting httpd_sys_content_t as the context on everything in that folder, except cgi-bin which I've set to httpd_sys_script_exec_t	[reply]