[Labs-l] Shell scripts and CGI on Tools

nejuje6tpztluvolq at nym.hush.com
Mon Sep 22 21:04:02 UTC 2014


I got it working!

Out of curiosity I changed the perms to 600 to see what the error logs
showed and they are the same as when executable:

2014-09-22 20:19:25: (mod_compress.c.683) -- handling file as static file
2014-09-22 20:19:25: (mod_staticfile.c.389) -- NOT handling file as static file, extension forbidden

Something is interrupting before it tries to execute. Looking at the
source for mod_staticfile.c this appears to be related to the 
	static-file.exclude-extensions += (".sh")

It tells the web server not to download the file, thus the "extension
forbidden" and 403 error. 

Yet, it still isn't running as CGI so Lighttpd doesn't know this is a
CGI program. 

I looked again at the .lighttpd.conf

$HTTP["url"] =~ "^cgi-bin" {
        cgi.assign = ( "" => "" )
}

That doesn't work. Tried this:

$HTTP["url"] +=~ "^cgi-bin" {
        cgi.assign = ( "" => "" )
}

(added a "+" in front of =~). That doesn't work. Tried this:

$HTTP["url"] =~ "^cgi-bin" {
        cgi.assign += ( "" => "" )
}

(added a "+" in cgi.assign). That doesn't work. Tried this:

cgi.assign += ( "" => "" )

This works! Of course that is unsafe so will change to:

cgi.assign += ( ".cgi" => "" )

I'll make a bold edit to Nova_Resource:Tools/Help to make this clear
because it took me forever to figure out, though in hindsight I should
have tried it earlier. 

BTW thanks for your reply and help, John,

--
GreenC

On 9/22/2014 at 3:22 PM, nejuje6tpztluvolq at nym.hush.com wrote:

Here is a new server.sh

#!/bin/sh
echo ''
echo 'Hello world'

And running local:

tools.ext-lnk-discover at tools-login:~/www/cgi-bin$ ./server.sh

Hello world
tools.ext-lnk-discover at tools-login:~/www/cgi-bin$

Same problem.

---------- Forwarded message ----------
Date: Mon, 22 Sep 2014 15:12:01 -0400
From: John 
Reply-To: Wikimedia Labs 
To: Wikimedia Labs 
Subject: Re: [Labs-l] Shell scripts and CGI on Tools

What happens when you execute the fcgi script from the terminal? Also note
you need to send header info to form the HTML output

On Mon, Sep 22, 2014 at 3:09 PM,  wrote:

> File perms are OK
>
> tools.ext-lnk-discover at tools-login:~/www$ ls -ld cgi-bin/
> drwxrwsr-x 2 tools.ext-lnk-discover tools.ext-lnk-discover 4096 Sep 22 18:13 cgi-bin/
>
> tools.ext-lnk-discover at tools-login:~/www/cgi-bin$ ls -l
> -rwxr-xr-x 1 tools.ext-lnk-discover tools.ext-lnk-discover 29 Sep 21 21:54 server.sh
>
> I'm using server.sh as a simple test case to report this bug. The problem
> exists for Perl scripts also. And there are other accounts on Tools using
> .sh via CGI see for example
>
> /data/project/catmonitor/.lighttpd.conf
>
> --
> GreenC
>
>
> On 9/22/2014 at 2:56 PM, "John"  wrote:
>
> .sh scripts are evil and should never be run via the web. .sh are backend
> tools. I would look into either php or python. If you use python I can lend
> a hand. Otherwise look at file permissions; 403 typically means that the
> webservice cannot read the file
>
> On Mon, Sep 22, 2014 at 2:36 PM,  wrote:
>
>> Hello,
>>
>> I've been trying to get this to work for days and am running out of
>> ideas.
>>
>> Attempting to accomplish something simple: Run a /bin/sh script via CGI
>>
>> The script is called server.sh and contains this:
>>
>>     #!/bin/sh
>>     echo "Hello World"
>>
>> It resides in /data/project/ext-lnk-discover/public_html/cgi-bin/server.sh
>>
>> The .lighttpd.conf is
>>
>>     debug.log-request-handling = "enable"
>>     static-file.exclude-extensions += ( ".sh" )
>>     $HTTP["url"] =~ "^cgi-bin" {
>>             cgi.assign = ( "" => "" )
>>     }
>>
>>
>> http://tools.wmflabs.org/ext-lnk-discover/cgi-bin/server.sh
>>
>> returns "403 Forbidden"
>>
>> The Lighttpd error.log is long, located in
>> /data/project/ext-lnk-discover/error.log, but the last two lines:
>>
>> 2014-09-22 18:10:19: (mod_compress.c.683) -- handling file as static file
>> 2014-09-22 18:10:19: (mod_staticfile.c.389) -- NOT handling file as static file, extension forbidden
>>
>> This would suggest .sh extension is the problem, but I changed the name
>> to .fcgi or whatever, doesn't matter, get the same error.
>>
>> Maybe I need to use FCGI? New .lighttpd.conf:
>>
>>    fastcgi.server += ( "/" =>
>>      ((
>>        "socket" => "/tmp/ext-lnk-discover-server.sock",
>>        "bin-path" => "/data/project/ext-lnk-discover/public_html/cgi-bin/server.sh",
>>        "check-local" => "disable",
>>        "max-procs" => 1,
>>       ))
>>    )
>>
>> Error.log now shows:
>>
>> 2014-09-22 18:21:20: (mod_fastcgi.c.1104) the fastcgi-backend /data/project/ext-lnk-discover/public_html/cgi-bin/server.sh failed to start:
>> 2014-09-22 18:21:20: (mod_fastcgi.c.1108) child exited with status 0 /data/project/ext-lnk-discover/public_html/cgi-bin/server.sh
>> 2014-09-22 18:21:20: (mod_fastcgi.c.1111) If you're trying to run your app as a FastCGI backend, make sure you're using the FastCGI-enabled version.
>> If this is PHP on Gentoo, add 'fastcgi' to the USE flags.
>> 2014-09-22 18:21:20: (mod_fastcgi.c.1399) [ERROR]: spawning fcgi failed.
>> 2014-09-22 18:21:20: (server.c.938) Configuration of plugins failed. Going down.
>>
>> (this happens on webserver restart)
>>
>> ------------
>>
>> I've tried other scripts: bash, Perl and csh with same results.
>>
>> I'm beginning to think the problem is security, perhaps a jailed shell on
>> the Grid? Any help appreciated!
>> Thanks,
>> GreenC
>>
>> _______________________________________________
>> Labs-l mailing list
>> Labs-l at lists.wikimedia.org
>> https://lists.wikimedia.org/mailman/listinfo/labs-l
>>
>>
>
>
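
The directory scoping that the `$HTTP["url"]` attempts in the top message were aiming for, as an added example that is not part of the original thread. It assumes lighttpd is handed the request path exactly as it appears in the URL quoted above (`/ext-lnk-discover/cgi-bin/server.sh`) and that CGI scripts are renamed to end in `.cgi`.

```lighttpd
# Added example, not from the thread. Assumption: the request path seen by
# lighttpd is /ext-lnk-discover/cgi-bin/<script>, as in the URL on this page.

# Never hand script source out as a static download. The thread's config
# already excluded ".sh"; ".cgi" is added for the renamed scripts.
static-file.exclude-extensions += ( ".sh", ".cgi" )

# Weak (the setting that first "worked"): outside any conditional, an empty
# suffix matches every file name, so every executable file under the
# document root is run as a CGI program.
#cgi.assign += ( "" => "" )

# Narrower (the thread's final setting): only names ending in .cgi are run,
# but still from any directory under the document root.
#cgi.assign += ( ".cgi" => "" )

# Scoped: $HTTP["url"] is matched against the URL path, which always starts
# with "/", so the pattern "^cgi-bin" can never match and the block it guards
# is never applied. Anchor on the full path prefix instead, and only treat
# *.cgi inside that one directory as CGI programs.
$HTTP["url"] =~ "^/ext-lnk-discover/cgi-bin/" {
        cgi.assign = ( ".cgi" => "" )
}
```

With this in place the test script has to be named `server.cgi`, and, as John's reply notes, it needs to send header info ahead of its output.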