Apache: CGI scripts requires permission

1
votes

I'm running Gentoo with apache.
If I go in http://localhost/ I get "It works!". But, if I execute CGI scripts (http://localhost/cgi-bin/counter.cgi) I get this error:

403 Forbidden
You don't have permission to access /cgi-bin/counter.cgi on this server.

This is my httpd.conf:

$ cat /etc/apache2/httpd.conf

# This is a modification of the default Apache 2.2 configuration file
# for Gentoo Linux.
#
# Support:
#   http://www.gentoo.org/main/en/lists.xml   [mailing lists]
#   http://forums.gentoo.org/                 [web forums]
#   irc://irc.freenode.net#gentoo-apache      [irc chat]
#
# Bug Reports:
#   http://bugs.gentoo.org                    [gentoo related bugs]
#   http://httpd.apache.org/bug_report.html   [apache httpd related bugs]
#
#
# This is the main Apache HTTP server configuration file.  It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.2> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do.  They're here only as hints or reminders.  If you are unsure
# consult the online docs. You have been warned.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path.  If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "var/log/apache2/foo_log"
# with ServerRoot set to "/usr" will be interpreted by the
# server as "/usr/var/log/apache2/foo.log".

# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path.  If you point
# ServerRoot at a non-local disk, be sure to point the LockFile directive
# at a local disk.  If you wish to share the same ServerRoot for multiple
# httpd daemons, you will need to change at least LockFile and PidFile.
ServerRoot "/usr/lib64/apache2"

# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
# GENTOO: Automatically defined based on APACHE2_MODULES USE_EXPAND variable.
#         Do not change manually, it will be overwritten on upgrade.
#
# The following modules are considered as the default configuration.
# If you wish to disable one of them, you may have to alter other
# configuration directives.
#
# Change these at your own risk!

LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
<IfDefine AUTHNZ_LDAP>
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
</IfDefine>
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
<IfDefine CACHE>
LoadModule cache_module modules/mod_cache.so
</IfDefine>
LoadModule cgi_module modules/mod_cgi.so
LoadModule cgid_module modules/mod_cgid.so
<IfDefine DAV>
LoadModule dav_module modules/mod_dav.so
</IfDefine>
<IfDefine DAV>
LoadModule dav_fs_module modules/mod_dav_fs.so
</IfDefine>
<IfDefine DAV>
LoadModule dav_lock_module modules/mod_dav_lock.so
</IfDefine>
LoadModule deflate_module modules/mod_deflate.so
LoadModule dir_module modules/mod_dir.so
<IfDefine CACHE>
LoadModule disk_cache_module modules/mod_disk_cache.so
</IfDefine>
LoadModule env_module modules/mod_env.so
LoadModule expires_module modules/mod_expires.so
LoadModule ext_filter_module modules/mod_ext_filter.so
<IfDefine CACHE>
LoadModule file_cache_module modules/mod_file_cache.so
</IfDefine>
LoadModule filter_module modules/mod_filter.so
LoadModule headers_module modules/mod_headers.so
LoadModule include_module modules/mod_include.so
<IfDefine INFO>
LoadModule info_module modules/mod_info.so
</IfDefine>
<IfDefine LDAP>
LoadModule ldap_module modules/mod_ldap.so
</IfDefine>
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
<IfDefine CACHE>
LoadModule mem_cache_module modules/mod_mem_cache.so
</IfDefine>
LoadModule mime_module modules/mod_mime.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule speling_module modules/mod_speling.so
<IfDefine SSL>
LoadModule ssl_module modules/mod_ssl.so
</IfDefine>
<IfDefine STATUS>
LoadModule status_module modules/mod_status.so
</IfDefine>
LoadModule unique_id_module modules/mod_unique_id.so
<IfDefine USERDIR>
LoadModule userdir_module modules/mod_userdir.so
</IfDefine>
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so

# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
User apache
Group apache

# Supplemental configuration
#
# Most of the configuration files in the /etc/apache2/modules.d/ directory can
# be turned on using APACHE2_OPTS in /etc/conf.d/apache2 to add extra features
# or to modify the default configuration of the server.
#
# To know which flag to add to APACHE2_OPTS, look at the first line of the
# the file, which will usually be an <IfDefine OPTION> where OPTION is the
# flag to use.
Include /etc/apache2/modules.d/*.conf

# Virtual-host support
#
# Gentoo has made using virtual-hosts easy. In /etc/apache2/vhosts.d/ we
# include a default vhost (enabled by adding -D DEFAULT_VHOST to
# APACHE2_OPTS in /etc/conf.d/apache2).
Include /etc/apache2/vhosts.d/*.conf

# vim: ts=4 filetype=apache

# Added by me

ScriptAlias /cgi-bin/ /home/mrlogick/www/cgi-bin/

<Directory /home/*/www/cgi-bin/>
    Options +ExecCGI
    AddHandler cgi-script .cgi .pl .py
</Directory>

I have executive permissions:

$ ls -l /home/mrlogick/www/cgi-bin/counter.cgi 
-rwxr-xr-x 1 mrlogick mrlogick 8.2K Feb  2 21:58 /home/mrlogick/www/cgi-bin/counter.cgi*

I have just installed apache on my Gentoo distro. I've not set other files.

1
apachecgicgi-bin
I don't know what is wrong: I think I set permissions for apache: (I also tried to change directory). I did "chmod -R 777" to all directories I could. and I set with "chown -R apache:apache /directories/" cgi-bin direcotory and many others.Giorgio Napolitano

1 Answers

0
votes

In Gentoo, the Apache Web Server is running under the apache user, see httpd.conf the config:

User apache
Group apache

So you need to grant access for this user and/ or group.