Find the answer to your Linux question:
Page 1 of 3 1 2 3 LastLast
Results 1 to 10 of 28
I am trying to run a simple search engine that is written in python, javascript and html. When i put them in the cgi-bin i get the 403 forbidden access ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Sep 2012
    Posts
    15

    how to set permissions for python scripts in cgi-bin on backtrack 5 r3


    I am trying to run a simple search engine that is written in python, javascript and html.

    When i put them in the cgi-bin i get the 403 forbidden access error. I understand why this happens but I cant seem to find out how to change the permissions so that I can access them from the cgi-bin or where ever.Any help is appreciated.

  2. #2
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    Quote Originally Posted by killa_cam View Post
    i was trying to run python and perl scripts through cgi and i cant seem to figure out how to set permissions or what public_html is,so I was wondering how you did it
    Hi,

    What distro are you using?

    Have you made your CGI scripts executable? e.g.:

    Code:
    chmod +x /var/www/cgi-bin/test.cgi
    What is your webserver? (Apache, Nginx, etc.)

    The DocumentRoot dir (often /var/www or /var/www/html) needs to be readable/executable by all, e.g.:

    Code:
    # ls -ld /var/www/html
    drwxr-xr-x 50 root root 4096 Jul 24 20:16 /var/www/html
    Also, monitor your webserver log file, it will give you quick trouble-shooting feedback. The location of the log files depends on your webserver, and is usually defined in a the main config file (e.g., /etc/httpd/conf/httpd.conf). For example, the webserver error log file on my Fedora box is at /var/log/httpd/error_log.

  3. #3
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    Quote Originally Posted by killa_cam View Post
    I am trying to run a simple search engine that is written in python, javascript and html.

    When i put them in the cgi-bin i get the 403 forbidden access error. I understand why this happens but I cant seem to find out how to change the permissions so that I can access them from the cgi-bin or where ever.Any help is appreciated.

    What does your webserver's log file tell you? It should spell out the problem pretty clearly.

  4. #4
    Just Joined!
    Join Date
    Sep 2012
    Posts
    15
    I am running apache2 in backtrack 5 r3.In my var/log/apache2/error.log file it says:

    Thu Sep 20 18:22:04 2012] [error] [client ::1] (13)Permission denied: access to /cgi-bin/search/search.html denied
    [Thu Sep 20 18:22:04 2012] [error] [client ::1] File does not exist: /var/www/favicon.ico

  5. #5
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    Quote Originally Posted by killa_cam View Post
    I am running apache2 in backtrack 5 r3.In my var/log/apache2/error.log file it says:

    Thu Sep 20 18:22:04 2012] [error] [client ::1] (13)Permission denied: access to /cgi-bin/search/search.html denied
    [Thu Sep 20 18:22:04 2012] [error] [client ::1] File does not exist: /var/www/favicon.ico
    is the dir "/cgi-bin/search/" readable and executable by all? for example, if your cgi-bin dir is in /var/www, then you might try:

    Code:
    ls -ld /var/www/cgi-bin/search
    which should yield something like:

    Code:
    drwxr-xr-x  2 root root 4096 Nov 15  2008 /var/www/cgi-bin/search
    where you can see by the last r-x that it is readable and executable by all.

    also check the permissions of the search.html file, it should be readable by all, e.g.:

    Code:
    # ls -l /var/www/cgi-bin/search/search.html
    -rw-r--r--  1 root root 0 Sep 21 16:11 /var/www/cgi-bin/search/search.html
    you can ignore the favicon error. or put one in /var/www to get rid of that error.

  6. #6
    Just Joined!
    Join Date
    Sep 2012
    Posts
    15
    Ok, so for the first command (ls -ld /var/www/cgi-bin/search) i got


    drwx------ 4 root root 4096 2012-09-18 23:12 /var/www/cgi-bin/search


    And for the second one (ls -l /var/www/cgi-bin/search/search.html) i got


    ls: cannot access /var/www/cgi-bin/search/search.html: No such file or directory


    i then tried (ls -l /var/www/cgi-bin/search/search.html) and i got


    total 64
    -rwxrwxrwx 1 root root 11867 2007-12-04 22:49 license.txt
    -rwxrwxrwx 1 root root 942 2012-09-09 07:49 Search.html
    -rwxrwxrwx 1 root root 4539 2007-12-04 22:50 search.js
    -rwxrwxrwx 1 root root 8645 2012-09-07 16:01 search.py
    -rwxrwxrwx 1 root root 14583 2012-09-06 15:06 search.py.zip
    -rwxrwxrwx 1 root root 203 2007-12-02 09:45 SearchResults.css
    -rwxrwxrwx 1 root root 528 2007-12-02 09:42 SearchResults.html
    drwx------ 3 root root 4096 2007-12-02 08:21 test


    when i moved the cgi-bin which was oringinaly in /usr/lib/ to the /var/www/ and try to access localhost/cgi-bin/search/search.html on chrome i got


    Not Found

    localhost/cgi-bin/search/search.html was not found on this server.

    Apache/2.2.14 (Ubuntu) Server at localhost Port 80

  7. #7
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    Quote Originally Posted by killa_cam View Post
    Ok, so for the first command (ls -ld /var/www/cgi-bin/search) i got

    drwx------ 4 root root 4096 2012-09-18 23:12 /var/www/cgi-bin/search
    This prevents your webserver account (presumably "nobody" or "apache", or some other non-root account) from being able to see into this directory. You need to modify the permission, something like:

    Code:
    chmod 0755 /var/www/cgi-bin/search
    for good measure, check the /var/www/cgi-bin dir, too. it should have similar perms.

    And for the second one (ls -l /var/www/cgi-bin/search/search.html) i got

    ls: cannot access /var/www/cgi-bin/search/search.html: No such file or directory

    i then tried (ls -l /var/www/cgi-bin/search/search.html) and i got
    Do you mean here that you tried "ls -l /var/www/cgi-bin/search/"?


    total 64
    -rwxrwxrwx 1 root root 11867 2007-12-04 22:49 license.txt
    -rwxrwxrwx 1 root root 942 2012-09-09 07:49 Search.html
    -rwxrwxrwx 1 root root 4539 2007-12-04 22:50 search.js
    -rwxrwxrwx 1 root root 8645 2012-09-07 16:01 search.py
    -rwxrwxrwx 1 root root 14583 2012-09-06 15:06 search.py.zip
    -rwxrwxrwx 1 root root 203 2007-12-02 09:45 SearchResults.css
    -rwxrwxrwx 1 root root 528 2007-12-02 09:42 SearchResults.html
    drwx------ 3 root root 4096 2007-12-02 08:21 test

    when i moved the cgi-bin which was oringinaly in /usr/lib/ to the /var/www/ and try to access localhost/cgi-bin/search/search.html on chrome i got

    Not Found

    localhost/cgi-bin/search/search.html was not found on this server.
    There is no file named "search.html", based upon your directory listing above. The file "Search.html" is different - Linux is case-sensitive. If the Search.html is the file you want, the rename it to search.html, or simply call the url like this:

    http://localhost/cgi-bin/search/Search.html

    You can also put an .htaccess file in the cgi-bin/search dir, to force a certain file to be your default index file, but leave that for later.

    Also, it is important that you know that /var/www/cgi-bin is the CGI directory on your system. i'm pretty sure that is correct for Ubuntu, but you may want to check the httpd.conf apache config file. If you are looking at the apache error_log, that will help you, too.

  8. #8
    Just Joined!
    Join Date
    Sep 2012
    Posts
    15
    i changed the permissions for the /var/www/cgi-bin/ and for the /var/www/cgi-bin/search/ to 0755 and when i called

    "localhost/cgi-bin/search/Search.html"

    I got the 404 not found error. I also got the 404 error when i searched "localhost/cgi-bin/" And yes i did mean to write "ls -l /var/www/cgi-bin/search/"

    when I looked in the httpd.conf file which is located in /etc/apache2/ it was a blank document. Then i found httpd.conf in the /pentest/fuzzers/rfuzz/gems/mongrel-1.1.5/examples and it said:

    ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/

    #"/usr/local/apache2/cgi-bin" should be changed to whatever your ScriptAliased
    # CGI directory exists, if you have that configured.
    #
    <Directory "/usr/local/apache2/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
    </Directory>

    Im not sure if that helps but this httpd.conf is also located in /var/lib/gems/1.8/gems/mongrel-1.1.5/examples but seems to be the same document. Hope this helps.

  9. #9
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    i'm not sure about those mongrel httpd files...are you using the default apache that came w/Backtrack? try looking in /etc/ for apache config files:

    Code:
    find /etc/ -type f -exec grep -H --color ScriptAlias {} \;
    if you think /usr/local/apache2/cgi-bin might be legit, see if there are any CGI files in there, and if so, just try to access one via browser.

    you definitely need to know which file is your apache config file, before you can successfully troubleshoot.

    another thing i thought about: Search.html is probably not a cgi script. maybe search.py is, but you may just need to copy that stuff to your document root. i would know w/o seeing all of those files. keep it mind that you can also make any HTML accessible directory a CGI script directory, if your server is configured to allow the use of htaccess files.

  10. #10
    Just Joined!
    Join Date
    Sep 2012
    Posts
    15
    sorry I havent replied in a while but i executed the command "find /etc/ -type f -exec grep -H --color ScriptAlias {} \;" and i got

    /etc/apache2/sites-available/default-ssl: ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    /etc/apache2/sites-available/default: ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    /etc/apache2/mods-available/mime.conf:# To use CGI scripts outside of ScriptAliased directories:

    I am using the default apache and I want to be able to execute these scripts


    (\/\/ \/\/ \/\/.zackgrossbart.com/hackito/search-engine-python/).


    I have all the files in a folder named "search." One thing I dont get is why when I start apache and go to "localhost/cgi-bin/search/Search.html" i get 404 error. But when i go to "localhost/" i get a "it works default page." i copied the search folder to root but still nothing. I found this website

    (\/\/ \/\/ \/\/.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch20_:_The_Apache_Web_Server)

    it might help
    sorry about the "\/\/" i guess i cant post links yet.

Page 1 of 3 1 2 3 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •