PermissionError: [Errno 13] Permission denied gets thrown when starting the script in CGI, but not in bash

0

I have a python script on my HTTP server(CentOS 7) responsible for responding to the client browser, it works fine in bash, but when I try to access it via cgi, it just throws an error. It works fine on Ubuntu(both via HTTP and shell) The script is:

import socket
HOST = '127.0.0.1'
PORT = 4345

print("Content-type: text/html; charset=utf-8\n\n")
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((HOST, PORT))
query = 'foobar'
sock.sendall(bytes(query, 'utf-8'))
buffer = sock.recv(1024)
responce = str(buffer, "UTF-8")
print(responce)

The error I am getting, when I run the script via CGI is:

PermissionError: [Errno 13] Permission denied
Traceback (most recent call last):
File "/var/www/cgi-bin/script.py", line 8, in <module>
   sock.connect((HOST, PORT))
PermissionError: [Errno 13] Permission denied

The output of 'getsebool -a | grep httpd' is:

httpd_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_connect_ftp --> off
httpd_can_connect_ldap --> off
httpd_can_connect_mythtv --> off
httpd_can_connect_zabbix --> off
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> off
httpd_dbus_sssd --> off
httpd_dontaudit_search_dirs --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> off
httpd_execmem --> off
httpd_graceful_shutdown --> on
httpd_manage_ipa --> off
httpd_mod_auth_ntlm_winbind --> off
httpd_mod_auth_pam --> off
httpd_read_user_content --> off
httpd_run_ipa --> off
httpd_run_preupgrade --> off
httpd_run_stickshift --> off
httpd_serve_cobbler_files --> off
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_sys_script_anon_write --> off
httpd_tmp_exec --> off
httpd_tty_comm --> off
httpd_unified --> off
httpd_use_cifs --> off
httpd_use_fusefs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
httpd_use_openstack --> off
httpd_use_sasl --> off
httpd_verify_dns --> off

Xyz

Posted 2019-07-02T13:14:09.950

Reputation: 1

Do you have SELinux enabled on your system? – Fanatique – 2019-07-02T13:23:47.320

Yes, I do have SELinux enabled – Xyz – 2019-07-02T13:32:58.823

Can you add the full output of getsebool -a | grep httpd in your question? – Fanatique – 2019-07-02T13:38:48.080

1Thank you very much for your help. I fixed it by setting 'httpd_can_network_connect' to 'on' – Xyz – 2019-07-02T13:52:28.743

Answers

0

The solution was to allow httpd to connect to the network. I just set httpd_can_network_connect to on with setsebool, and it started working. Note, that to make the solution permanent, you need to use the -P switch too.

Xyz

Posted 2019-07-02T13:14:09.950

Reputation: 1

Asked: 2019-07-02T13:14:09.950

Viewed: 1 591 times

Active: 2019-07-08T14:48:32.063