HPE Community
Operating System - OpenVMS
1753916 Members
8200 Online
108810 Solutions
New Discussion

Re: CGI problem with CSWS

 
Hoff
Honored Contributor

‎09-18-2009 04:01 PM

‎09-18-2009 04:01 PM

Re: CGI problem with CSWS

Each directory has a protection setting (visible via the DIRECTORY /SECURITY command), as does each subdirectory, etc. Which means you need to check the protections on CGI-BIN.DIR, and every directory in the path above it. (The OpenVMS disk structures are completely different than those of the typical Unix file systems, so bear with me here...)

On the local TARGET:: box...

$ show log apache$common
"APACHE$COMMON" = "TARGET$DKA100:[SYS0.SYSCOMMON.APACHE.]" (LNM$SYSTEM_TABLE)
$

Here, this means SYS0.DIR, SYSCOMMON.DIR, APACHE.DIR and CGI-BIN.DIR must all have at least EXECUTE, if not READ access.

File and directory ownership is also subtly different than Unix, too.

Please don't set the file ownership and the protections wide open here. Ok, that was a reasonable test, and it didn't help, so please (re)set the protections correctly. (The better way to test for that sort of stuff is usually with the OpenVMS security alarms; with enabling and monitoring the file access failure auditing or alarms via the SHOW AUDIT and SET AUDIT commands.)

Here are the differences between your httpd.conf and one locally (that works)...


$ diff APACHE$COMMON:[CONF]HTTPD.CONF,SYS$LOGIN:X.X
************
File HTTPD.CONF;4
155 #Listen 80
156 Listen 10.1.2.1:80
157
******
File X.X;1
156 Listen 80
157
************
************
File HTTPD.CONF;4
437 #
******
File X.X;1
437 ScriptLog logs/cgi_log
438
439 #
************
************
File HTTPD.CONF;4
442 LogLevel warn
443
******
File X.X;1
444 LogLevel debug
445
446
************
************
File HTTPD.CONF;4
562 Options None
563 Order allow,deny
564 Allow from all
565
******
File X.X;1
565 Options ExecCGI
566 Order allow,deny
567 Allow from all
568 # AddHandler cgi-script .cgi .pl
569
************
************
File HTTPD.CONF;4
890 # Alias /error/ "apache$root/htdocs/error/"
891 #
892 #
893 # AllowOverride None
******
File X.X;1
894 # Alias /error/ "/apache$root/htdocs/error/"
895 #
896 #
897 # AllowOverride None
************
************
File HTTPD.CONF;4
1006 Include /apache$root/conf/mod_php.conf
******
File X.X;1
1010 Include /apache$common/conf/mod_perl.conf
1011 Include /apache$root/conf/mod_php.conf
1012
************
...
DIFFERENCES /IGNORE=()/MERGED=1-
HTTPD.CONF;4-
X.X;1

The CGI DCL also has the (poorly documented) APACHE$EXECUTE identifier assigned, if you're looking to override protections and ownerships. In very, very loose terms, adding this identifier to the ACL on the object is very roughly akin to setting a Unix group ID on the files involved that allows the web server access.

And for completeness, here's the invocation that I used to test this stuff:

http://target.example.com/cgi-bin/test-cgi-vms.com
0 Kudos
Reply
Willem Grooters
Honored Contributor

‎09-23-2009 12:32 AM

‎09-23-2009 12:32 AM

Re: CGI problem with CSWS

Add a line

AddHandler cgi-script .cgi .com

in your configuration, alignged with the other AddHandler lines (and not within a block).

What happens now is that .COM is not recognized as a script so it won't be executed.
Willem Grooters
OpenVMS Developer & System Manager
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.