[opensuse] perl under apache2 downloads scripts instead of executiing
OS: OSE11.2 with OSE versions of PERL and Apache2. I was trying to install LedgerSMB and got to the point of trying to invoke the application but it downloads the PERL script instead of executing it. I tried adding an application preference in FireFox but nothing I've tried works. Here is what I've tried: 1. Verified that files and directories have permissions that allow access and execution 2. Added the following to the /etc/apache2/httpd.conf file: Options +ExecCGI AddHandler cgi-script .pl 3.I had intially softlinked ledgersmb to /srv/www/htdocs but removed the link and copied the app to htdocs. Please tell me what I am missing here. Thank you, Lucky Leavell -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Lucky Leavell wrote:
OS: OSE11.2 with OSE versions of PERL and Apache2.
I was trying to install LedgerSMB and got to the point of trying to invoke the application but it downloads the PERL script instead of executing it. I tried adding an application preference in FireFox but nothing I've tried works.
Here is what I've tried: 1. Verified that files and directories have permissions that allow access and execution
2. Added the following to the /etc/apache2/httpd.conf file: Options +ExecCGI AddHandler cgi-script .pl
3.I had intially softlinked ledgersmb to /srv/www/htdocs but removed the link and copied the app to htdocs.
Please tell me what I am missing here.
I think you're missing having the scripts in the right place, or equivalently you're missing having designated the place where they are as a right place. Your change [1] is probably good - it depends on exactly what ownership and permissions you've set. Your change [2] allows scripts in the cgi-bin directory to execute, not those elsewhere. See below. You're correct [3] that symlinks are a bad idea and you need to have the files wherever you want them. You need to add an apache directive to allow script execution in the directory where your scripts are. For security reasons, it's generally a bad idea to allow script execution in the htdocs document tree. It is possible, but I think you'd be better advised to move them to the standard cgi-bin or to set up a separate tree, outside of apache's document tree. I don't know anything about LedgerSMB but I'd guess that security is an important concern for a financial aplication. So I'd hope that they have pretty explicit suggestions on how to set it up securely, and also that their user community is likely to be the best place for detailed advice. Cheers, Dave -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Mon, 7 Mar 2011, Dave Howorth wrote:
Lucky Leavell wrote:
OS: OSE11.2 with OSE versions of PERL and Apache2.
I was trying to install LedgerSMB and got to the point of trying to invoke the application but it downloads the PERL script instead of executing it. I tried adding an application preference in FireFox but nothing I've tried works.
Here is what I've tried: 1. Verified that files and directories have permissions that allow access and execution
2. Added the following to the /etc/apache2/httpd.conf file: Options +ExecCGI AddHandler cgi-script .pl
3.I had intially softlinked ledgersmb to /srv/www/htdocs but removed the link and copied the app to htdocs.
Please tell me what I am missing here.
I think you're missing having the scripts in the right place, or equivalently you're missing having designated the place where they are as a right place.
Your change [1] is probably good - it depends on exactly what ownership and permissions you've set.
Your change [2] allows scripts in the cgi-bin directory to execute, not those elsewhere. See below.
You're correct [3] that symlinks are a bad idea and you need to have the files wherever you want them.
You need to add an apache directive to allow script execution in the directory where your scripts are. For security reasons, it's generally a bad idea to allow script execution in the htdocs document tree. It is possible, but I think you'd be better advised to move them to the standard cgi-bin or to set up a separate tree, outside of apache's document tree.
As it turned out, I did not have the proper path for the application in the httpd.conf file. Unfortunately, the copy I got to work is under htdocs but I'll worry about that next time. It turns out LedgerSMB does not like soft links either. Once I copied its config files back to the directory undr htdocs, it was happy. I set perms ro 775 on directories and files with owner root, group www. Data is stored in a PostgreSQL database. I may try later to move it to my OSE server since the front end is a web browser. There is no public access either physical or network. Thank you VERY much for your help!
I don't know anything about LedgerSMB but I'd guess that security is an important concern for a financial aplication. So I'd hope that they have pretty explicit suggestions on how to set it up securely, and also that their user community is likely to be the best place for detailed advice.
Cheers, Dave -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Thank you, Lucky Leavell -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Lucky Leavell wrote:
As it turned out, I did not have the proper path for the application in the httpd.conf file. Unfortunately, the copy I got to work is under htdocs but I'll worry about that next time.
It turns out LedgerSMB does not like soft links either. Once I copied its config files back to the directory undr htdocs, it was happy.
I set perms ro 775 on directories and files with owner root, group www.
I'm glad it works. Having those files owned by root is a security risk, as is having them under htdocs, as I already mentioned.
Data is stored in a PostgreSQL database. I may try later to move it to my OSE server since the front end is a web browser. There is no public access either physical or network.
Well there's not supposed to be public access but since the whole point is about possible bugs, I wouldn't bet on it ... :(
Thank you VERY much for your help!
Cheers, Dave -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tue, 8 Mar 2011, Dave Howorth wrote:
Lucky Leavell wrote:
As it turned out, I did not have the proper path for the application in the httpd.conf file. Unfortunately, the copy I got to work is under htdocs but I'll worry about that next time.
It turns out LedgerSMB does not like soft links either. Once I copied its config files back to the directory undr htdocs, it was happy.
I set perms ro 775 on directories and files with owner root, group www.
I'm glad it works. Having those files owned by root is a security risk, as is having them under htdocs, as I already mentioned.
I changed ownership to wwwrun.
Data is stored in a PostgreSQL database. I may try later to move it to my OSE server since the front end is a web browser. There is no public access either physical or network.
Well there's not supposed to be public access but since the whole point is about possible bugs, I wouldn't bet on it ... :(
By "no public access" I meant I have no ports open on this system. The only Windows [7 VM] system is permitted access to the internet to retrieve patches and is never allowed to browse or touch email.
Thank you VERY much for your help!
Cheers, Dave -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Thank you, Lucky Leavell -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (2)
-
Dave Howorth -
Lucky Leavell