[SOLVED] Perl: require "/var/www/whateverIwish/myfile.pl"

[potentsinfo]

I might be dating my perl days. 10+ years ago, I could put into any program I desired absolute path and filename to any perl snippet I might wish to use and presto any sub in the place is mine to play with... still that way yes? Have @INC not included errors, and all the web talks about are modules.

O.k. might be misstating the effort.

My script does everything it's supposed to from the command line. (it's inside my cgi-bin script area), but when the web browser connects it fails
Can't locate /var/www/library/formgen.pl in @INC
(all my files are mod 755).


at

require "/var/www/library/formgen.pl";

which I wrote a very long time back to assist me in html generation. Refresh my rusty skills, if I've an absolute path, does it matter what path settings are elsewhere? from user or root csh or bsh it does what I think it should.

p.s. formgen.pl does not refer to any other file.

[atreyu]

The web server (Apache?) is probably not running as root. Are you sure that the web server user (possibly "nobody" - check the output of ps) has access to that file?

try this simple perl CGI script as a test:

Code:

#!/usr/bin/perl
use strict;
use warnings;
use CGI::Carp qw(fatalsToBrowser);
my $file = "/var/www/library/formgen.pl";
open(FH,'<',$file) or die $!;
print "opened file successfully\n";
close(FH);

[potentsinfo]

You're right some permission problems:
[Tue Nov 20 11:07:24 2012] [error] [client 10.0.0.3] [Tue Nov 20 11:07:24 2012] showlib.pl: Permission denied at /var/www/cgi-bin/showlib.pl line 6.

at open the file. however both

Code:

sudo -u apache ./showlib.pl

and

Code:

sudo -u nobody ./showlib.pl

opens the libary succesfully..
and the library and cgi-bin are on the same www directory with 755 permissions throughout.
if I change the permissions to 750, does nothing from the above code (doesn't show any output to screen)

so somewhere in the cobwebs (at least I remember how to use vi) some way (rsh? rlogin? csh?) to switch from the root to a nobody account, to check the permissions from command line [sighs can't beleive I'm asking about permission problems]

SO STILL THINKING!! The permissons required from the webserver are different from that a command line user. Is there some block of referring to directories outside the apache setup.

[atreyu]

show the output of these commands (run as root):

Code:

ls -ld /var/www/library/formgen.pl
ls -ld /var/www/library/
ls -ld /var/www/
ls -ld /var/

Also, is SELinux running? Check with:

Code:

getenforce

temporarily disable with:

Code:

setenforce 0

[Pockets64]

> require "/var/www/library/formgen.pl";

Being called from a WEB page? Your root directory is no longer /, but the root directory of the WEB site. Probably /library.

It's been several years since I've put PERL in a WEB site. But I see this is the way for PHP requires.

[atreyu]

> require "/var/www/library/formgen.pl";

Being called from a WEB page? Your root directory is no longer /, but the root directory of the WEB site. Probably /library.

that's true of other webpages trying to access the file, but CGI scripts are run in the "real" file system.

[potentsinfo]

Grunt Work:

Code:

[root@rd shane]# ls -ld /var/www/library/formgen.pl
-rwxr-xr-x. 1 shane shane 5877 Nov 19 22:27 /var/www/library/formgen.pl
[root@rd shane]# ls -ld /var/www/library/
drwxr-xr-x. 3 shane shane 4096 Nov 19 22:32 /var/www/library/
[root@rd shane]# ls -ld /var/www/
drwxr-xr-x. 12 shane shane 4096 Nov 19 23:08 /var/www/
[root@rd shane]# ls -ld /var/
drwxr-xr-x. 20 root root 4096 Aug 17 17:08 /var/
[root@rd shane]# ls -ld /var/www/cgi-bin
drwxr-xr-x. 3 shane shane 4096 Nov 20 09:59 /var/www/cgi-bin
[root@rd shane]# getenforce
Enforcing
[root@rd shane]# setenforce 0
[root@rd shane]# cd /var/www/cgi-bin
[root@rd cgi-bin]# ./showlib.pl
opened file successfully

(show lib is the example script uploaded)

BUT ERROR OUTPUT CHANGED!!!!

Code:

[root@rd cgi-bin]# tail -f /var/log/httpd/error_log
[Fri Nov 23 16:10:59 2012] [error] [client 10.0.0.3] malformed header from script. Bad header=opened file successfully: showlib.pl

Great!!!! and slightly more importantly my first program I was asking about is o.k.!!!

Now, once again showing how dated the programming is…. SELinux? What else is new? Can I modify SELinix to allow my all libraries? or set it to zero?Clearing out the cobwebs. heh... didn't know they were new cobwebs. whew... glad it's something new, thought I'd have to review the basics. Ummmm.. "New" being more than a decade ago. Really, what is new that I should know about?

[potentsinfo]

yep www is only root directory for html files (static pages) or javascript code (code that shows up in 'view source') CGI is a behind the scenes program or application which the programmer directs what output is put to the webpage (print -> view source)

[atreyu]

BUT ERROR OUTPUT CHANGED!!!!

Code:

[root@rd cgi-bin]# tail -f /var/log/httpd/error_log
[Fri Nov 23 16:10:59 2012] [error] [client 10.0.0.3] malformed header from script. Bad header=opened file successfully: showlib.pl

that is just b/c the CGI script is not sending the HTTP header first (e.g., print "Content-type:text/html\n\n"). Try your original CGI script.

Great!!!! and slightly more importantly my first program I was asking about is o.k.!!!

Now you know SELinux is the problem. You can either configure SELinux to allow your scripts (if security of the system is of utmost importance to you), or you can permanently disable it. If you wish to do the former, google for a good guide on SELinux and CGI scripts, I don't know the commands.

If you wish to do the latter, edit this file:

Code:

/etc/selinux/config

and make sure the following line is there:

Code:

SELINUX=disabled

then reboot.

Really, what is new that I should know about?

SELinux is pretty significant, it has been around for years, but it has just recently starting being enabled by default. You also need to beware of iptables (kernel-based firewall), as it is being enabled by default these days, too. Another interesting kernel feature that is becoming popular is cgroups, used for resource isolation and control.

[potentsinfo]

Once again Atreyu, you've resolved my tasks, good think your good at this. Thanks So Much!! Cheers.