Thunderstone Support Forums

Hi

I'm having my developers test some more of their scripts on our development machine. We get an error when we run one of our scripts:

<!-- 002 [lookfeel]:143: Can't open KDBF file /opt/morph3/dbs/ejdb3/SYSTABLES.tbl for writing: error 13: Permission denied -->
<!-- 000 [lookfeel]:143: Could not open SYSTABLES in the function ddopen -->
<!-- 000 [lookfeel]:143: Could not connect to /opt/morph3/dbs/ejdb3 in the function openntexis -->

All processes and files are owned by user texis.

What exactly is line 143 of lookfeel trying to do?
What are the full ownership and perms of /opt/morph3/dbs/ejdb3/SYSTABLES.tbl ?
Double check that the process generating that error really is running as the correct user.

Hi

Permissions are:

ls -al /opt/morph3/dbs/ejdb3/SYSTABLES.tbl
-rw------- 1 texis texis 21814 Jun 7 03:31 /opt/morph3/dbs/ejdb3/SYSTABLES.tbl

Here is output from lookfeel:

<local title>
<if $pgtitle ne "" and $apptitle ne ""> <!-- line 143 -->
<sum "%s" $apptitle " > " $pgtitle>
<$title = $ret>
<elseif $pgtitle eq "">
<$title = $apptitle>
<else>
<$title = $pgtitle>
</if>

The same script/execution works correctly on another box. I just tar'd up the /opt/morph3 directory as well as our /opt/apache directory running on the production box, so everything should be identical.

Thanks!

It sounds as if the texis executable is not setuid, so it does not actually run as texis.

It's setuid:

% ls -al /opt/morph3/bin/monitor
-rwsr-xr-x 1 texis texis 4800736 Aug 5 2002 /opt/morph3/bin/monitor

% psg texis
texis 23468 1 0 Jun 07 ? 0:08 /usr/local/morph3/bin/monitor
texis 23470 1 0 Jun 07 ? 0:00 monitor -d /usr/local/morph3/texis/testdb/ -z
jimmatt 13810 13806 0 00:45:20 pts/4 0:00 grep texis

What about "texis" in your CGI directory?

Put the script below into a file in same directory as your other scripts and run it from the web. What does output?

<script language=vortex>
<a name=main>
<exec /usr/bin/id></exec>$ret
</a>
</script>

Hmm...I ran this on my development machine (which has the exact same texis directory as well as apache and htdocs directories). First I got the following error:

002 Jun 10 11:30:28 /jim: Can't create object file /opt/morph3/htdocs/jim.vtc: Permission denied

So then I changed permissions on the /opt/morph3/htdocs directory from:
drwxr-sr-x 7 texis texis 512 Jun 10 11:31 htdocs
to:
drwxrwsrwx 7 texis texis 512 Jun 10 11:31 htdocs

Reran the script and I get:

002 Jun 10 11:31:24 /jim: Can't open KDBF file /usr/local/morph3/texis/testdb/SYSTABLES.tbl for writing: error 13: Permission denied
000 Jun 10 11:31:24 /jim: Could not open SYSTABLES in the function ddopen
000 Jun 10 11:31:24 /jim: Could not connect to /usr/local/morph3/texis/testdb in the function openntexis

So then I tried to create/run this script on the production box. Under /morph3/, the htdocs has the perms:

drwxr-sr-x 7 texis texis 512 Jun 10 11:32 htdocs

Created the script and it ran correctly right away. Here's what it returned:

uid=50000(nsuser) gid=60001(nobody) euid=50007(texis)

I'm wondering why it's not running correctly on the development box. They both have the same setup (I rsync'd the morph3/, apache/ and htdocs/ trees).

That pretty clearly indicates that texis CGI is not running as user texis on the dev box. What is the ls -l of "texis" in your apache CGI directory?

Did your apache rsync also include the apache conf files? Did you restart apache after rsync?

Hi

Here's the output:

% ls -l /WWW/cgi-bin/texis
lrwxrwxrwx 1 root webadmin 29 Jun 4 10:16 /WWW/cgi-bin/texis -> /usr/local/morph3/bin/monitor
% ls -l /usr/local/morph3/bin/monitor
-rwsr-xr-x 1 texis texis 4800736 Aug 5 2002 /usr/local/morph3/bin/monitor

This is identical on both boxes.

Yes, the rsync included the apache.conf files. Slight modifications were made, obviously, to the conf file (ServerName, Listen, BindAddress) to get it running on a different machine. Apache has been restarted several times on the development box (the machine having texis difficulties).

Thanks again for your help with this.

For some reason apache on the dev box is squashing the setuid flag on texis and running it as it's CGI user instead. I don't know how or why. Confirm it by making the testdb directory and the files under it world read/write while you run the test script I gave you (put perms back when finished). Dig into your apache docs to see what it says about setuid. Do you have the exact same version of apache compiled with the same flags on both systems?