in reply to Re: cgi script write to crontab
in thread how to avoid web server from getting hacked

When I implemented your code, it said that I "Can't open file for writing. Permission denied at /var/www/cgi-bin/test.cgi line 9". Line 9 is this line...
open(OUT, ">>/home/jma/Documents/cron-job") or die "Can't open file for writing: $!";
My cron-job file is set to 777 (just for test purposes) though. Why would my permissions be denied?

Re^3: cgi script write to crontab
by moritz (Cardinal) on May 13, 2008 at 22:51 UTC
    One possible reason is that one of the directories that the file is in doesn't allow the web server to access the file (for example if /home/jma is 750 the story ends here).

    Another is Security-Enhanced Linux, which assigns a "context" to each process, and Apache has the "www" context. It can't access files that don't have that context, and /home/ doesn't. SELinux is enabled by default on Red Hat distributions and those that are based on it (like CentOS).

      Ok, thanks moritz. I basically have a webpage that takes input from the user. I want to process the output of that HTML form and do a specific action with a Perl script. The Perl script will take arguments from what the user specified in the HTML form and would run in cron. So this is what I would like to do. It seems from what you were saying earlier in the chatterbox that this is unsafe. I should not run the CGI script and output into a cron file. What would you recommend to be a safe way to do this? Database? Any suggestions greatly appreciated.
        It seems when I disable SELinux then it works. I would rather not do this. Is there a workaround to this?
      Moritz, you were right on. After playing with SELinux (and some hair pulling) I finally got it to work. Like what Moritz said, it seems that SELinux will only allow Apache to run on directories that have the httpd context. I could have either found a directory that had that context or changed the context of another directory to enable me to write to a file in that directory. Here are the commands that I used to get it to work:
      chcon -R -t httpd_sys_content_t /home/jma
      (changes my home directory to have the httpd context so that I can have an Apache process run in this directory)
      chmod 775 /home/jma
      Now, I will have to figure out if this is a safe way to do things...haha
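
The first cause moritz describes (a 777 file sitting under a directory the web server cannot traverse) can be checked before touching SELinux. The script below is an added example, not code from any poster in this thread; the function names and the optional stop-directory argument are hypothetical, and it assumes GNU stat and that the web server user falls under the "other" permission bits of each directory.

```shell
#!/bin/sh
# Added example: helper names are constructed for illustration.
# Assumption: the web server user is neither owner nor group member of
# the directories, so only the "other" permission digit decides access.

# Print the directory closest to STOP (default /) on the path to FILE that
# lacks the "other" search (x) bit. Prints an empty line if none blocks.
first_blocking_dir() {
    file=$1
    stop=${2:-/}
    dir=$(dirname -- "$file")
    blocker=
    while :; do
        mode=$(stat -c %a -- "$dir") || return 2
        other=${mode#"${mode%?}"}      # last octal digit = "other" bits
        case $other in
            1|3|5|7) ;;                # x bit set: traversal allowed
            *) blocker=$dir ;;         # remember the outermost blocker
        esac
        if [ "$dir" = "$stop" ] || [ "$dir" = "/" ]; then
            break
        fi
        dir=$(dirname -- "$dir")
    done
    printf '%s\n' "$blocker"
}

# Print both candidate causes for one file: the blocking directory (if any)
# and the SELinux label, which reads "unavailable" where stat cannot report it.
report() {
    b=$(first_blocking_dir "$1") || return 2
    if [ -n "$b" ]; then
        echo "traversal blocked at: $b"
    else
        echo "no directory blocks traversal for 'other'"
    fi
    echo "SELinux label: $(stat -c %C -- "$1" 2>/dev/null || echo unavailable)"
}
```

Calling `report /home/jma/Documents/cron-job` on the affected host shows which of the two causes applies before any mode or label is changed.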