apache Permission denied: exec

Hi,

I got an ssl error of permission denied to exec a file when I tried to
launch https://localhost/ra
or https://<my host ip address>/ra

The dir that apache is trying to access is owned my group=apache and
user=apache.
In the ssl_error_log:

[Wed Apr 04 20:47:58 2007] [error] [client 192.168.200.111]
(13)Permission denied: exec of
'/usr/local/openra/httpd/cgi-bin/ra/RAServer' failed
[Wed Apr 04 20:47:58 2007] [error] [client 192.168.200.111] Premature
end of script headers: RAServer

Basically my httpd.conf file calls or my openca.conf file in httpd.d
dir, below is my openca.conf fle:

# RA Aliases
Alias /ra /usr/local/openra/httpd/htdocs/ra/
Alias /pub /usr/local/openra/httpd/htdocs/pub/
Alias /ra-node /usr/local/openra/httpd/htdocs/ra-node/
ScriptAlias /cgi-bin/ra/ /usr/local/openra/httpd/cgi-bin/ra/
ScriptAlias /cgi-bin/pub/ /usr/local/openra/httpd/cgi-bin/pub/
ScriptAlias /cgi-bin/ra-node/ /usr/local/openra/httpd/cgi-bin/ra-node/

<Directory "/usr/local/openra/httpd/cgi-bin/">
AllowOverride None
Options ExecCGI
Order allow,deny
Allow from all
</Directory>
<Directory "/usr/local/openra/httpd/htdocs/">
AllowOverride None
Options FollowSymLinks Indexes
Order allow,deny
Allow from all
</Directory>
# OpenCA Mods
# adding dir to symlinks following for cert retrieval
# not totally clear WHY openca puts a symlink here, but it did.
<Directory "/usr/local/openra/httpd/cgi-bin/pub">
AllowOverride None
Options FollowSymLinks Indexes
Order allow,deny
Allow from all
</Directory>

p.s. do i need to include mod-jk or configure the VirtualHost to
listen on 443 in my httpd.conf file?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Jana Nguyen schrieb:
> Hi,
>
> I got an ssl error of permission denied to exec a file when I tried to
> launch https://localhost/ra
> or https://<my host ip address>/ra
>
> The dir that apache is trying to access is owned my group=apache and
> user=apache.
> In the ssl_error_log:
>
> [Wed Apr 04 20:47:58 2007] [error] [client 192.168.200.111]
> (13)Permission denied: exec of
> '/usr/local/openra/httpd/cgi-bin/ra/RAServer' failed
> [Wed Apr 04 20:47:58 2007] [error] [client 192.168.200.111] Premature
> end of script headers: RAServer
Looks like the user apache is running under lacks filesystem permissions
to read RAServer. Or RAServer has syntax errors(less likely).

cheers
Paul


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Hi Paul,

> >
> > [Wed Apr 04 20:47:58 2007] [error] [client 192.168.200.111]
> > (13)Permission denied: exec of
> > '/usr/local/openra/httpd/cgi-bin/ra/RAServer' failed

Fedora enabled selinux with force mode as default, after making it
permissive I no longer get the "Permission denied" exec of.

But my error of "Premature end of script headers: RAServer" still exist:
[Fri Apr 06 13:06:37 2007] [error] [client 127.0.0.1] Premature end of
script headers: RAServer.

Although, RAServer is owned and run by apache, not sure why I'm having
this problem, could it be with suEXEC? So would it be wise to disable
suExec for the time being?

Thanks.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Jana Nguyen schrieb:
> Hi Paul,
>
>> >
>> > [Wed Apr 04 20:47:58 2007] [error] [client 192.168.200.111]
>> > (13)Permission denied: exec of
>> > '/usr/local/openra/httpd/cgi-bin/ra/RAServer' failed
>
> Fedora enabled selinux with force mode as default, after making it
> permissive I no longer get the "Permission denied" exec of.
>
> But my error of "Premature end of script headers: RAServer" still exist:
> [Fri Apr 06 13:06:37 2007] [error] [client 127.0.0.1] Premature end of
> script headers: RAServer.
>
> Although, RAServer is owned and run by apache, not sure why I'm having
> this problem, could it be with suEXEC? So would it be wise to disable
> suExec for the time being?
Honestly, I don't know. "Premature end of script headers" usually means
the script has syntax errors or does otherwise generate invalid output.
If the error is related to suEXEC apache would tell you with apropriate
error level set. Maybe running RAServer from the command line (with sudo
as user apache) would help to trac down the error but you would need to
recreate the CGI environment somehow...

cheers
Paul


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org