<div dir="ltr"><p>Have you tried piping the environment that suexec / apache is passing to the m.py to a file and having a look?</p><p>e.g. env | /tmp/myout or something pythonesque?</p><p>Can you do that with STDERR too? </p><p>May give you a hint.</p><p>And is your netlama UID > 500?</p><p><br></p><p dir="ltr">On 11/10/2014 3:28 AM, "Lonni J Friedman" <<a href="mailto:netllama@gmail.com" target="_blank">netllama@gmail.com</a>> wrote:<br></p><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Thu, Oct 9, 2014 at 6:58 PM, James McDonald<br>
<<a href="mailto:james@jamesmcdonald.id.au" target="_blank">james@jamesmcdonald.id.au</a>> wrote:<br>
> Not something silly like having 700 set on /home/user or below ?<br>
<br>
Nope:<br>
<br>
[netllama@netllama home]$ ls -ld /home/<br>
drwxr-xr-x. 4 root root 34 Jan 31 2014 /home/<br>
[netllama@netllama home]$ ls -ld /home/netllama/<br>
drwx--x--x. 45 netllama netllama 4096 Oct 10 08:52 /home/netllama/<br>
[netllama@netllama home]$ ls -ld /home/netllama/public_html/<br>
drwxrwxr-x 4 netllama netllama 48 Oct 6 09:33 /home/netllama/public_html/<br>
[netllama@netllama home]$ ls -ld /home/netllama/public_html/cgi-bin/<br>
drwxrwxr-x 2 netllama netllama 30 Oct 8 10:31<br>
/home/netllama/public_html/cgi-bin/<br>
<br>
<br>
><br>
> Still using suexec what does suexec -V say?<br>
<br>
/usr/sbin/suexec -V<br>
-D AP_DOC_ROOT="/var/www"<br>
-D AP_GID_MIN=100<br>
-D AP_HTTPD_USER="apache"<br>
-D AP_LOG_SYSLOG<br>
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"<br>
-D AP_UID_MIN=500<br>
-D AP_USERDIR_SUFFIX="public_html"<br>
<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> On 10 October 2014 12:40, David A. Bandel <<a href="mailto:david.bandel@gmail.com" target="_blank">david.bandel@gmail.com</a>> wrote:<br>
>><br>
>> Lonnie,<br>
>><br>
>> Well, I believe you still need a "required" line in the<br>
>> /home/*/public_html/ directory portion, but I'm running out of ideas.<br>
>><br>
>> 1. Are you using apparmor? If so, kill it.<br>
>><br>
>> Try this for your userdir.conf:<br>
>> <IfModule mod_userdir.c><br>
>> UserDir public_html<br>
>> UserDir disabled root<br>
>> AddHandler cgi-script .cgi .pl<br>
>> <Directory /home/*/public_html><br>
>> AllowOverride FileInfo AuthConfig Limit Indexes<br>
>> Options Includes MultiViews Indexes SymLinksIfOwnerMatch<br>
>> Require all granted<br>
>> </Directory><br>
>> <Directory /home/*/public_html/cgi-bin><br>
>> AllowOverride FileInfo AuthConfig Limit Indexes<br>
>> Options ExecCGI Includes MultiViews SymLinksIfOwnerMatch<br>
>> Require all granted<br>
>> </IfModule><br>
>><br>
>> If the above doesn't work, try accessing from your browser via your<br>
>> hostname vice localhost (if no DNS for the hostname, just add to<br>
>> /etc/hosts).<br>
>><br>
>> Starting to run low on ideas ...<br>
>><br>
>> David-<br>
>><br>
>><br>
>> On Thu, Oct 9, 2014 at 10:52 AM, Lonni J Friedman <<a href="mailto:netllama@gmail.com" target="_blank">netllama@gmail.com</a>><br>
>> wrote:<br>
>>><br>
>>> I made the changes that you recommended, restarted apache, but it<br>
>>> didn't help. Still getting the same cryptic error. I've attached<br>
>>> userdir.conf with the changes, in case I somehow screwed it up.<br>
>>><br>
>>> thanks<br>
>>><br>
>>> On Wed, Oct 8, 2014 at 7:21 PM, David A. Bandel <<a href="mailto:david.bandel@gmail.com" target="_blank">david.bandel@gmail.com</a>><br>
>>> wrote:<br>
>>> > Lonnie,<br>
>>> ><br>
>>> > I see two glaring errors:<br>
>>> > 1. no ScriptAlias directive in the userdir.conf file (see main file<br>
>>> > for<br>
>>> > use)<br>
>>> > 2. The file set up the userdir area read-only. In the cgi-bin stanza,<br>
>>> > you<br>
>>> > need:<br>
>>> > Require all granted (in 2.4 the two lines Order Allow Deny and Allow<br>
>>> > from<br>
>>> > all became the one Require line -- it's also more flexible)<br>
>>> > The stanza for the directory above it has Require method GET POST<br>
>>> > OPTIONS<br>
>>> > which locks this area and subdirectories down<br>
>>> ><br>
>>> > You might want to remove Indexes from your cgi-bin area. Do you really<br>
>>> > want<br>
>>> > folks to be able to get a directory listing of the cgi-bin directory?<br>
>>> > (no,<br>
>>> > you really don't)<br>
>>> ><br>
>>> > With those changes and a reload, it should work.<br>
>>> ><br>
>>> > Before you go production, make sure you remove the cgitb (cgi trace<br>
>>> > back)<br>
>>> > module. No sense giving the bad guys more ammo.<br>
>>> ><br>
>>> > David-<br>
>>> ><br>
>>> > On Wed, Oct 8, 2014 at 2:11 PM, Lonni J Friedman <<a href="mailto:netllama@gmail.com" target="_blank">netllama@gmail.com</a>><br>
>>> > wrote:<br>
>>> >><br>
>>> >> That's correct, the script works just fine when in /var/www/cgi-bin.<br>
>>> >> mod_cgi is explicitly loaded.<br>
>>> >><br>
>>> >> I've attached my config files. userdir.conf & 01-cgi.conf are<br>
>>> >> included from httpd.conf.<br>
>>> >><br>
>>> >> On Wed, Oct 8, 2014 at 12:06 PM, David A. Bandel<br>
>>> >> <<a href="mailto:david.bandel@gmail.com" target="_blank">david.bandel@gmail.com</a>><br>
>>> >> wrote:<br>
>>> >> > Lonnie,<br>
>>> >> ><br>
>>> >> > OK, there must be a global configuration that's preventing this<br>
>>> >> > script<br>
>>> >> > from<br>
>>> >> > running. Can you post your entire config file? If you don't want<br>
>>> >> > to do<br>
>>> >> > that, I can provide an alternate means to pass it to me. Also, you<br>
>>> >> > said<br>
>>> >> > these run if you put them in your global cgi-bin directory, just not<br>
>>> >> > as<br>
>>> >> > a<br>
>>> >> > user, correct? So mod_cgi is loaded (please confirm).<br>
>>> >> ><br>
>>> >> > David-<br>
>>> >> ><br>
>>> >> > On Wed, Oct 8, 2014 at 12:34 PM, Lonni J Friedman<br>
>>> >> > <<a href="mailto:netllama@gmail.com" target="_blank">netllama@gmail.com</a>><br>
>>> >> > wrote:<br>
>>> >> >><br>
>>> >> >> I saved the script in /home/netllama/public_html/cgi-bin/m.py, made<br>
>>> >> >> it<br>
>>> >> >> executable for everyone, and ran it manually:<br>
>>> >> >><br>
>>> >> >> [netllama@netllama cgi-bin]$ ./m.py<br>
>>> >> >> Content-Type: text/plain;charset=utf-8<br>
>>> >> >><br>
>>> >> >> Hello World!<br>
>>> >> >><br>
>>> >> >><br>
>>> >> >> I then attempted to call it from firefox, and I saw another 500<br>
>>> >> >> Internal Server Error:<br>
>>> >> >> [Wed Oct 08 10:32:06.977104 2014] [cgi:error] [pid 26629] [client<br>
>>> >> >> <a href="http://127.0.0.1:59320" target="_blank">127.0.0.1:59320</a>] End of script output before headers: m.py<br>
>>> >> >><br>
>>> >> >><br>
>>> >> >> I've already got the SetHandler in the config:<br>
>>> >> >> <Directory /home/*/public_html/cgi-bin><br>
>>> >> >> AllowOverride Indexes AuthConfig<br>
>>> >> >> Options ExecCGI FollowSymLinks<br>
>>> >> >> SetHandler cgi-script<br>
>>> >> >> AddHandler cgi-script .py<br>
>>> >> >> </Directory><br>
>>> >> >><br>
>>> >> >> I'm using apache-2.4.10.<br>
>>> >> >><br>
>>> >> >><br>
>>> >> >> On Tue, Oct 7, 2014 at 7:26 PM, David A. Bandel<br>
>>> >> >> <<a href="mailto:david.bandel@gmail.com" target="_blank">david.bandel@gmail.com</a>><br>
>>> >> >> wrote:<br>
>>> >> >> > Lonnie,<br>
>>> >> >> ><br>
>>> >> >> > Phew -- yep, this is why I hate this error.<br>
>>> >> >> ><br>
>>> >> >> > Try this:<br>
>>> >> >> > /----start of script----/<br>
>>> >> >> > #!/usr/bin/env python<br>
>>> >> >> > # -*- coding: UTF-8 -*-<br>
>>> >> >> ><br>
>>> >> >> > # enable debugging<br>
>>> >> >> > import cgitb<br>
>>> >> >> > cgitb.enable()<br>
>>> >> >> ><br>
>>> >> >> > print "Content-Type: text/plain;charset=utf-8"<br>
>>> >> >> > print<br>
>>> >> >> ><br>
>>> >> >> > print "Hello World!"<br>
>>> >> >> ><br>
>>> >> >> > ----/end of script/----<br>
>>> >> >> ><br>
>>> >> >> > Your script and this one (call it test.py) should both be<br>
>>> >> >> > executable,<br>
>>> >> >> > owned<br>
>>> >> >> > by the same user, and in the user's cgi-bin directory.<br>
>>> >> >> ><br>
>>> >> >> > Ensure you can run both from the command line, then try to run<br>
>>> >> >> > them<br>
>>> >> >> > in<br>
>>> >> >> > apache by connecting with a browser.<br>
>>> >> >> ><br>
>>> >> >> > If test.py works, but your foo.py script doesn't, the problem is<br>
>>> >> >> > in<br>
>>> >> >> > your<br>
>>> >> >> > foo.py script. Make sure your script is outputting a<br>
>>> >> >> > content-type<br>
>>> >> >> > line<br>
>>> >> >> > (see<br>
>>> >> >> > above).<br>
>>> >> >> ><br>
>>> >> >> > If the test.py does not work, we have a configuration issue.<br>
>>> >> >> ><br>
>>> >> >> > Could also add a "SetHandler: cgi-script" to your cgi-directory<br>
>>> >> >> > stanza.<br>
>>> >> >> ><br>
>>> >> >> > BTW: which version of apache? 2.2 or 2.4 (some declarations<br>
>>> >> >> > changed<br>
>>> >> >> > between<br>
>>> >> >> > these two version numbers)<br>
>>> >> >> ><br>
>>> >> >> ><br>
>>> >> >> > David-<br>
>>> >> >> ><br>
>>> >> >> ><br>
>>> >> >> > On Tue, Oct 7, 2014 at 6:17 PM, Lonni J Friedman<br>
>>> >> >> > <<a href="mailto:netllama@gmail.com" target="_blank">netllama@gmail.com</a>><br>
>>> >> >> > wrote:<br>
>>> >> >> >><br>
>>> >> >> >> I definitely have suexec enabled:<br>
>>> >> >> >> [Mon Oct 06 16:09:31.<a href="tel:518777%202014" value="+15187772014" target="_blank">518777 2014</a>] [suexec:notice] [pid 20128]<br>
>>> >> >> >> AH01232:<br>
>>> >> >> >> suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)<br>
>>> >> >> >><br>
>>> >> >> >> Renaming the suexec binary, and retrying didn't really help:<br>
>>> >> >> >> [Tue Oct 07 16:17:15.854011 2014] [cgi:error] [pid 26631]<br>
>>> >> >> >> [client<br>
>>> >> >> >> <a href="http://127.0.0.1:55657" target="_blank">127.0.0.1:55657</a>] AH01215: (2)No such file or directory: exec of<br>
>>> >> >> >> '/usr/sbin/suexec' failed<br>
>>> >> >> >> [Tue Oct 07 16:17:15.854671 2014] [cgi:error] [pid 26631]<br>
>>> >> >> >> [client<br>
>>> >> >> >> <a href="http://127.0.0.1:55657" target="_blank">127.0.0.1:55657</a>] End of script output before headers: foo.py<br>
>>> >> >> >><br>
>>> >> >> >> I added a handler to the "<Directory<br>
>>> >> >> >> /home/*/public_html/cgi-bin>"<br>
>>> >> >> >> section of my apache config, but that didn't have any impact on<br>
>>> >> >> >> the<br>
>>> >> >> >> problem.<br>
>>> >> >> >><br>
>>> >> >> >> Any other suggestions?<br>
>>> >> >> >><br>
>>> >> >> >><br>
>>> >> >> >> On Tue, Oct 7, 2014 at 6:28 AM, David A. Bandel<br>
>>> >> >> >> <<a href="mailto:david.bandel@gmail.com" target="_blank">david.bandel@gmail.com</a>><br>
>>> >> >> >> wrote:<br>
>>> >> >> >> > Lonnie,<br>
>>> >> >> >> ><br>
>>> >> >> >> > With or without suexec, you will need a handler line:<br>
>>> >> >> >> > AddHandler cgi-script .cgi .py<br>
>>> >> >> >> > (make sure the above line has the pertinent extension, like<br>
>>> >> >> >> > .py<br>
>>> >> >> >> > and<br>
>>> >> >> >> > your<br>
>>> >> >> >> > python script ends in .py)<br>
>>> >> >> >> ><br>
>>> >> >> >> > If using suexec, you should see a line in your error_log:<br>
>>> >> >> >> > suEXEC mechanism enabled<br>
>>> >> >> >> ><br>
>>> >> >> >> > Your script must be runable by suEXEC user. You might find<br>
>>> >> >> >> > it<br>
>>> >> >> >> > easier<br>
>>> >> >> >> > to<br>
>>> >> >> >> > disable suexec (unless you need it). Just rename the suexec<br>
>>> >> >> >> > script<br>
>>> >> >> >> > and<br>
>>> >> >> >> > restart apache and test. If you the script works but you need<br>
>>> >> >> >> > suexec<br>
>>> >> >> >> > (because you're going to have lots of users that need to run<br>
>>> >> >> >> > CGI<br>
>>> >> >> >> > scripts),<br>
>>> >> >> >> > then you'll need to troubleshoot the suexec mess.<br>
>>> >> >> >> ><br>
>>> >> >> >> > David-<br>
>>> >> >> >> ><br>
>>> >> >> >> > On Mon, Oct 6, 2014 at 8:55 PM, Lonni J Friedman<br>
>>> >> >> >> > <<a href="mailto:netllama@gmail.com" target="_blank">netllama@gmail.com</a>><br>
>>> >> >> >> > wrote:<br>
>>> >> >> >> >><br>
>>> >> >> >> >> Hi David,<br>
>>> >> >> >> >> I was actually leaning towards some kind of apache<br>
>>> >> >> >> >> configuration<br>
>>> >> >> >> >> issue, but clearly i'm not the expert here, or I would have<br>
>>> >> >> >> >> figured<br>
>>> >> >> >> >> it<br>
>>> >> >> >> >> out myself :)<br>
>>> >> >> >> >><br>
>>> >> >> >> >> To answer your questions:<br>
>>> >> >> >> >> Its a python script that I'm trying to run.<br>
>>> >> >> >> >> $HOME is on the same partition as / (which is the same<br>
>>> >> >> >> >> partition<br>
>>> >> >> >> >> as<br>
>>> >> >> >> >> the apache $DOCROOT). Its all on a development system, not<br>
>>> >> >> >> >> anything<br>
>>> >> >> >> >> resembling production.<br>
>>> >> >> >> >> The user's UID is greater than 1000.<br>
>>> >> >> >> >> I am using suexec.<br>
>>> >> >> >> >><br>
>>> >> >> >> >> I'd be happy to answer any other questions.<br>
>>> >> >> >> >><br>
>>> >> >> >> >> thanks<br>
>>> >> >> >> >><br>
>>> >> >> >> >><br>
>>> >> >> >> >> On Mon, Oct 6, 2014 at 6:45 PM, David A. Bandel<br>
>>> >> >> >> >> <<a href="mailto:david.bandel@gmail.com" target="_blank">david.bandel@gmail.com</a>><br>
>>> >> >> >> >> wrote:<br>
>>> >> >> >> >> > Lonnie,<br>
>>> >> >> >> >> ><br>
>>> >> >> >> >> > This is one of the most annoying, frustrating errors. All<br>
>>> >> >> >> >> > it<br>
>>> >> >> >> >> > says<br>
>>> >> >> >> >> > is<br>
>>> >> >> >> >> > that<br>
>>> >> >> >> >> > the script didn't work. This may be permissions. It may<br>
>>> >> >> >> >> > be<br>
>>> >> >> >> >> > your<br>
>>> >> >> >> >> > $HOME<br>
>>> >> >> >> >> > mount is non-executable. Difficult to say. You didn't say<br>
>>> >> >> >> >> > what<br>
>>> >> >> >> >> > kind<br>
>>> >> >> >> >> > of<br>
>>> >> >> >> >> > script it was (Perl, PHP, shell). Is the UID of the user<br>
>>> >> >> >> >> > greater<br>
>>> >> >> >> >> > than<br>
>>> >> >> >> >> > 1000?<br>
>>> >> >> >> >> > Are you using suexec?<br>
>>> >> >> >> >> ><br>
>>> >> >> >> >> > I hate this error. Will be either one of the permissions<br>
>>> >> >> >> >> > issues<br>
>>> >> >> >> >> > above<br>
>>> >> >> >> >> > or<br>
>>> >> >> >> >> > some Apache configuration issue (I'm betting on<br>
>>> >> >> >> >> > permissions).<br>
>>> >> >> >> >> ><br>
>>> >> >> >> >> > David-<br>
>>> >> >> >> >> ><br>
>>> >> >> >> >> > On Mon, Oct 6, 2014 at 5:57 PM, Lonni J Friedman<br>
>>> >> >> >> >> > <<a href="mailto:netllama@gmail.com" target="_blank">netllama@gmail.com</a>><br>
>>> >> >> >> >> > wrote:<br>
>>> >> >> >> >> >><br>
>>> >> >> >> >> >> Howdy folks,<br>
>>> >> >> >> >> >> Any cgi/apach experts still around? I'm trying to get cgi<br>
>>> >> >> >> >> >> scripts<br>
>>> >> >> >> >> >> working from $USERDIR on a new Fedora system, and they all<br>
>>> >> >> >> >> >> fail<br>
>>> >> >> >> >> >> with<br>
>>> >> >> >> >> >> internal server errors. In the apache error log, I see:<br>
>>> >> >> >> >> >> [cgi:error] End of script output before headers<br>
>>> >> >> >> >> >><br>
>>> >> >> >> >> >> If I copy the script over to the server $DOCROOT/cgi-bin<br>
>>> >> >> >> >> >> then<br>
>>> >> >> >> >> >> it<br>
>>> >> >> >> >> >> runs<br>
>>> >> >> >> >> >> just fine. So this proves the script itself isn't the<br>
>>> >> >> >> >> >> problem.<br>
>>> >> >> >> >> >> Additionally, non-cgi scripts are served just fine from<br>
>>> >> >> >> >> >> $USERDIR.<br>
>>> >> >> >> >> >> Both the cgi-bin directory and the script itself are<br>
>>> >> >> >> >> >> executable<br>
>>> >> >> >> >> >> for<br>
>>> >> >> >> >> >> all users (755). This is what I've got set in the apache<br>
>>> >> >> >> >> >> config<br>
>>> >> >> >> >> >> for<br>
>>> >> >> >> >> >> the USERDIR directory structure:<br>
>>> >> >> >> >> >><br>
>>> >> >> >> >> >> <Directory "/home/*/public_html"><br>
>>> >> >> >> >> >> AllowOverride FileInfo AuthConfig Limit Indexes<br>
>>> >> >> >> >> >> Options MultiViews Indexes SymLinksIfOwnerMatch<br>
>>> >> >> >> >> >> ExecCGI<br>
>>> >> >> >> >> >> Require method GET POST OPTIONS<br>
>>> >> >> >> >> >> </Directory><br>
>>> >> >> >> >> >><br>
>>> >> >> >> >> >> <Directory /home/*/public_html/cgi-bin><br>
>>> >> >> >> >> >> AllowOverride Indexes AuthConfig<br>
>>> >> >> >> >> >> Options ExecCGI<br>
>>> >> >> >> >> >> SetHandler cgi-script<br>
>>> >> >> >> >> >> </Directory><br>
>>> >> >> >> >> >><br>
>>> >> >> >> >> >><br>
>>> >> >> >> >> >> Anyone know what I'm missing?<br>
>>> >> >> >> >> >><br>
>>> >> >> >> >> >> thanks<br>
>>> >> >> >> >><br>
>>><br>
>>><br>
>>> --<br>
>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>
>>> L. Friedman <a href="mailto:netllama@gmail.com" target="_blank">netllama@gmail.com</a><br>
>>> LlamaLand <a href="http://netllama.linux-sxs.org" target="_blank">http://netllama.linux-sxs.org</a><br>
>>><br>
>>> _______________________________________________<br>
>>> Linux-users mailing list<br>
>>> <a href="mailto:Linux-users@linux-sxs.org" target="_blank">Linux-users@linux-sxs.org</a><br>
>>> <a href="http://mailman.celestial.com/mailman/listinfo/linux-users" target="_blank">http://mailman.celestial.com/mailman/listinfo/linux-users</a><br>
>>><br>
>><br>
>><br>
>><br>
>> --<br>
>> Two things are infinite: the universe and human stupidity; and I'm not<br>
>> sure about the the universe. -- Albert Einstein<br>
>> Visit my web page at: <a href="http://david.bandel.us/" target="_blank">http://david.bandel.us/</a><br>
>><br>
>> _______________________________________________<br>
>> Linux-users mailing list<br>
>> <a href="mailto:Linux-users@linux-sxs.org" target="_blank">Linux-users@linux-sxs.org</a><br>
>> <a href="http://mailman.celestial.com/mailman/listinfo/linux-users" target="_blank">http://mailman.celestial.com/mailman/listinfo/linux-users</a><br>
>><br>
><br>
><br>
> _______________________________________________<br>
> Linux-users mailing list<br>
> <a href="mailto:Linux-users@linux-sxs.org" target="_blank">Linux-users@linux-sxs.org</a><br>
> <a href="http://mailman.celestial.com/mailman/listinfo/linux-users" target="_blank">http://mailman.celestial.com/mailman/listinfo/linux-users</a><br>
><br>
<br>
<br>
<br>
--<br>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>
L. Friedman <a href="mailto:netllama@gmail.com" target="_blank">netllama@gmail.com</a><br>
LlamaLand <a href="http://netllama.linux-sxs.org" target="_blank">http://netllama.linux-sxs.org</a><br>
_______________________________________________<br>
Linux-users mailing list<br>
<a href="mailto:Linux-users@linux-sxs.org" target="_blank">Linux-users@linux-sxs.org</a><br>
<a href="http://mailman.celestial.com/mailman/listinfo/linux-users" target="_blank">http://mailman.celestial.com/mailman/listinfo/linux-users</a><br>
</blockquote></div>
</div>