cgi scripts fail to run from userdir with "End of script output before headers" errors
David A. Bandel
david.bandel at gmail.com
Wed Oct 8 19:21:31 PDT 2014
Lonnie,
I see two glaring errors:
1. no ScriptAlias directive in the userdir.conf file (see main file for
use)
2. The file set up the userdir area read-only. In the cgi-bin stanza, you
need:
Require all granted (in 2.4 the two lines Order Allow Deny and Allow from
all became the one Require line -- it's also more flexible)
The stanza for the directory above it has Require method GET POST OPTIONS
which locks this area and subdirectories down
You might want to remove Indexes from your cgi-bin area. Do you really
want folks to be able to get a directory listing of the cgi-bin directory?
(no, you really don't)
With those changes and a reload, it should work.
Before you go production, make sure you remove the cgitb (cgi trace back)
module. No sense giving the bad guys more ammo.
David-
On Wed, Oct 8, 2014 at 2:11 PM, Lonni J Friedman <netllama at gmail.com> wrote:
> That's correct, the script works just fine when in /var/www/cgi-bin.
> mod_cgi is explicitly loaded.
>
> I've attached my config files. userdir.conf & 01-cgi.conf are
> included from httpd.conf.
>
> On Wed, Oct 8, 2014 at 12:06 PM, David A. Bandel <david.bandel at gmail.com>
> wrote:
> > Lonnie,
> >
> > OK, there must be a global configuration that's preventing this script
> from
> > running. Can you post your entire config file? If you don't want to do
> > that, I can provide an alternate means to pass it to me. Also, you said
> > these run if you put them in your global cgi-bin directory, just not as a
> > user, correct? So mod_cgi is loaded (please confirm).
> >
> > David-
> >
> > On Wed, Oct 8, 2014 at 12:34 PM, Lonni J Friedman <netllama at gmail.com>
> > wrote:
> >>
> >> I saved the script in /home/netllama/public_html/cgi-bin/m.py, made it
> >> executable for everyone, and ran it manually:
> >>
> >> [netllama at netllama cgi-bin]$ ./m.py
> >> Content-Type: text/plain;charset=utf-8
> >>
> >> Hello World!
> >>
> >>
> >> I then attempted to call it from firefox, and I saw another 500
> >> Internal Server Error:
> >> [Wed Oct 08 10:32:06.977104 2014] [cgi:error] [pid 26629] [client
> >> 127.0.0.1:59320] End of script output before headers: m.py
> >>
> >>
> >> I've already got the SetHandler in the config:
> >> <Directory /home/*/public_html/cgi-bin>
> >> AllowOverride Indexes AuthConfig
> >> Options ExecCGI FollowSymLinks
> >> SetHandler cgi-script
> >> AddHandler cgi-script .py
> >> </Directory>
> >>
> >> I'm using apache-2.4.10.
> >>
> >>
> >> On Tue, Oct 7, 2014 at 7:26 PM, David A. Bandel <david.bandel at gmail.com
> >
> >> wrote:
> >> > Lonnie,
> >> >
> >> > Phew -- yep, this is why I hate this error.
> >> >
> >> > Try this:
> >> > /----start of script----/
> >> > #!/usr/bin/env python
> >> > # -*- coding: UTF-8 -*-
> >> >
> >> > # enable debugging
> >> > import cgitb
> >> > cgitb.enable()
> >> >
> >> > print "Content-Type: text/plain;charset=utf-8"
> >> > print
> >> >
> >> > print "Hello World!"
> >> >
> >> > ----/end of script/----
> >> >
> >> > Your script and this one (call it test.py) should both be executable,
> >> > owned
> >> > by the same user, and in the user's cgi-bin directory.
> >> >
> >> > Ensure you can run both from the command line, then try to run them in
> >> > apache by connecting with a browser.
> >> >
> >> > If test.py works, but your foo.py script doesn't, the problem is in
> your
> >> > foo.py script. Make sure your script is outputting a content-type
> line
> >> > (see
> >> > above).
> >> >
> >> > If the test.py does not work, we have a configuration issue.
> >> >
> >> > Could also add a "SetHandler: cgi-script" to your cgi-directory
> stanza.
> >> >
> >> > BTW: which version of apache? 2.2 or 2.4 (some declarations changed
> >> > between
> >> > these two version numbers)
> >> >
> >> >
> >> > David-
> >> >
> >> >
> >> > On Tue, Oct 7, 2014 at 6:17 PM, Lonni J Friedman <netllama at gmail.com>
> >> > wrote:
> >> >>
> >> >> I definitely have suexec enabled:
> >> >> [Mon Oct 06 16:09:31.518777 2014] [suexec:notice] [pid 20128]
> AH01232:
> >> >> suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
> >> >>
> >> >> Renaming the suexec binary, and retrying didn't really help:
> >> >> [Tue Oct 07 16:17:15.854011 2014] [cgi:error] [pid 26631] [client
> >> >> 127.0.0.1:55657] AH01215: (2)No such file or directory: exec of
> >> >> '/usr/sbin/suexec' failed
> >> >> [Tue Oct 07 16:17:15.854671 2014] [cgi:error] [pid 26631] [client
> >> >> 127.0.0.1:55657] End of script output before headers: foo.py
> >> >>
> >> >> I added a handler to the "<Directory /home/*/public_html/cgi-bin>"
> >> >> section of my apache config, but that didn't have any impact on the
> >> >> problem.
> >> >>
> >> >> Any other suggestions?
> >> >>
> >> >>
> >> >> On Tue, Oct 7, 2014 at 6:28 AM, David A. Bandel
> >> >> <david.bandel at gmail.com>
> >> >> wrote:
> >> >> > Lonnie,
> >> >> >
> >> >> > With or without suexec, you will need a handler line:
> >> >> > AddHandler cgi-script .cgi .py
> >> >> > (make sure the above line has the pertinent extension, like .py and
> >> >> > your
> >> >> > python script ends in .py)
> >> >> >
> >> >> > If using suexec, you should see a line in your error_log:
> >> >> > suEXEC mechanism enabled
> >> >> >
> >> >> > Your script must be runable by suEXEC user. You might find it
> >> >> > easier
> >> >> > to
> >> >> > disable suexec (unless you need it). Just rename the suexec script
> >> >> > and
> >> >> > restart apache and test. If you the script works but you need
> suexec
> >> >> > (because you're going to have lots of users that need to run CGI
> >> >> > scripts),
> >> >> > then you'll need to troubleshoot the suexec mess.
> >> >> >
> >> >> > David-
> >> >> >
> >> >> > On Mon, Oct 6, 2014 at 8:55 PM, Lonni J Friedman <
> netllama at gmail.com>
> >> >> > wrote:
> >> >> >>
> >> >> >> Hi David,
> >> >> >> I was actually leaning towards some kind of apache configuration
> >> >> >> issue, but clearly i'm not the expert here, or I would have
> figured
> >> >> >> it
> >> >> >> out myself :)
> >> >> >>
> >> >> >> To answer your questions:
> >> >> >> Its a python script that I'm trying to run.
> >> >> >> $HOME is on the same partition as / (which is the same partition
> as
> >> >> >> the apache $DOCROOT). Its all on a development system, not
> anything
> >> >> >> resembling production.
> >> >> >> The user's UID is greater than 1000.
> >> >> >> I am using suexec.
> >> >> >>
> >> >> >> I'd be happy to answer any other questions.
> >> >> >>
> >> >> >> thanks
> >> >> >>
> >> >> >>
> >> >> >> On Mon, Oct 6, 2014 at 6:45 PM, David A. Bandel
> >> >> >> <david.bandel at gmail.com>
> >> >> >> wrote:
> >> >> >> > Lonnie,
> >> >> >> >
> >> >> >> > This is one of the most annoying, frustrating errors. All it
> says
> >> >> >> > is
> >> >> >> > that
> >> >> >> > the script didn't work. This may be permissions. It may be
> your
> >> >> >> > $HOME
> >> >> >> > mount is non-executable. Difficult to say. You didn't say what
> >> >> >> > kind
> >> >> >> > of
> >> >> >> > script it was (Perl, PHP, shell). Is the UID of the user
> greater
> >> >> >> > than
> >> >> >> > 1000?
> >> >> >> > Are you using suexec?
> >> >> >> >
> >> >> >> > I hate this error. Will be either one of the permissions issues
> >> >> >> > above
> >> >> >> > or
> >> >> >> > some Apache configuration issue (I'm betting on permissions).
> >> >> >> >
> >> >> >> > David-
> >> >> >> >
> >> >> >> > On Mon, Oct 6, 2014 at 5:57 PM, Lonni J Friedman
> >> >> >> > <netllama at gmail.com>
> >> >> >> > wrote:
> >> >> >> >>
> >> >> >> >> Howdy folks,
> >> >> >> >> Any cgi/apach experts still around? I'm trying to get cgi
> >> >> >> >> scripts
> >> >> >> >> working from $USERDIR on a new Fedora system, and they all fail
> >> >> >> >> with
> >> >> >> >> internal server errors. In the apache error log, I see:
> >> >> >> >> [cgi:error] End of script output before headers
> >> >> >> >>
> >> >> >> >> If I copy the script over to the server $DOCROOT/cgi-bin then
> it
> >> >> >> >> runs
> >> >> >> >> just fine. So this proves the script itself isn't the problem.
> >> >> >> >> Additionally, non-cgi scripts are served just fine from
> $USERDIR.
> >> >> >> >> Both the cgi-bin directory and the script itself are executable
> >> >> >> >> for
> >> >> >> >> all users (755). This is what I've got set in the apache
> config
> >> >> >> >> for
> >> >> >> >> the USERDIR directory structure:
> >> >> >> >>
> >> >> >> >> <Directory "/home/*/public_html">
> >> >> >> >> AllowOverride FileInfo AuthConfig Limit Indexes
> >> >> >> >> Options MultiViews Indexes SymLinksIfOwnerMatch ExecCGI
> >> >> >> >> Require method GET POST OPTIONS
> >> >> >> >> </Directory>
> >> >> >> >>
> >> >> >> >> <Directory /home/*/public_html/cgi-bin>
> >> >> >> >> AllowOverride Indexes AuthConfig
> >> >> >> >> Options ExecCGI
> >> >> >> >> SetHandler cgi-script
> >> >> >> >> </Directory>
> >> >> >> >>
> >> >> >> >>
> >> >> >> >> Anyone know what I'm missing?
> >> >> >> >>
> >> >> >> >> thanks
> >> >> >>
> >> >> >>
> >> >> >> --
> >> >> >>
> >> >> >>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >> >> >> L. Friedman netllama at gmail.com
> >> >> >> LlamaLand http://netllama.linux-sxs.org
> >> >> >> _______________________________________________
> >> >> >> Linux-users mailing list
> >> >> >> Linux-users at linux-sxs.org
> >> >> >> http://mailman.celestial.com/mailman/listinfo/linux-users
> >> >> >
> >> >> >
> >> >> >
> >> >> >
> >> >> > --
> >> >> > Two things are infinite: the universe and human stupidity; and I'm
> >> >> > not
> >> >> > sure
> >> >> > about the the universe. -- Albert Einstein
> >> >> > Visit my web page at: http://david.bandel.us/
> >> >> >
> >> >> > _______________________________________________
> >> >> > Linux-users mailing list
> >> >> > Linux-users at linux-sxs.org
> >> >> > http://mailman.celestial.com/mailman/listinfo/linux-users
> >> >> >
> >> >>
> >> >>
> >> >>
> >> >> --
> >> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >> >> L. Friedman netllama at gmail.com
> >> >> LlamaLand http://netllama.linux-sxs.org
> >> >> _______________________________________________
> >> >> Linux-users mailing list
> >> >> Linux-users at linux-sxs.org
> >> >> http://mailman.celestial.com/mailman/listinfo/linux-users
> >> >
> >> >
> >> >
> >> >
> >> > --
> >> > Two things are infinite: the universe and human stupidity; and I'm not
> >> > sure
> >> > about the the universe. -- Albert Einstein
> >> > Visit my web page at: http://david.bandel.us/
> >> >
> >> > _______________________________________________
> >> > Linux-users mailing list
> >> > Linux-users at linux-sxs.org
> >> > http://mailman.celestial.com/mailman/listinfo/linux-users
> >> >
> >>
> >>
> >>
> >> --
> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >> L. Friedman netllama at gmail.com
> >> LlamaLand http://netllama.linux-sxs.org
> >> _______________________________________________
> >> Linux-users mailing list
> >> Linux-users at linux-sxs.org
> >> http://mailman.celestial.com/mailman/listinfo/linux-users
> >
> >
> >
> >
> > --
> > Two things are infinite: the universe and human stupidity; and I'm not
> sure
> > about the the universe. -- Albert Einstein
> > Visit my web page at: http://david.bandel.us/
> >
> > _______________________________________________
> > Linux-users mailing list
> > Linux-users at linux-sxs.org
> > http://mailman.celestial.com/mailman/listinfo/linux-users
> >
>
>
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> L. Friedman netllama at gmail.com
> LlamaLand http://netllama.linux-sxs.org
>
> _______________________________________________
> Linux-users mailing list
> Linux-users at linux-sxs.org
> http://mailman.celestial.com/mailman/listinfo/linux-users
>
>
--
Two things are infinite: the universe and human stupidity; and I'm not sure
about the the universe. -- Albert Einstein
Visit my web page at: http://david.bandel.us/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.celestial.com/pipermail/linux-users/attachments/20141008/c1a07c77/attachment-0001.html>
More information about the Linux-users
mailing list