[Solved] Python CGI on Raspberry PI - File Permissions? - Lighttpd - lighty labs

[Solved] Python CGI on Raspberry PI - File Permissions?

I am having trouble getting a web page served by lighttpd to run a python cgi routine.
The server finds the python file ok but I get an error 403 message - (403 Forbidden).
I'm running a fresh install of 2020-02-13-raspbian-buster-lite with lighttpd/1.4.53 (ssl) installed.
I've tried Firefox (v60.9.0esr 64-bit) and Chromium (v 73.0.3683.75) browsers
lighttpd config is below though I've removed most of the mime type section here.

config {
    var.PID                        = 13989
    var.CWD                        = "/etc/lighttpd" 
    mimetype.assign                = (
        ".pcf.Z"       => "application/x-font-pcf",
        ".tar.bz2"     => "application/x-gtar-compressed",
        ".sisx"        => "x-epoc/x-sisx-app",
.
        ".vrm"         => "x-world/x-vrml",
        "README"       => "text/plain; charset=utf-8",
        "Makefile"     => "text/x-makefile; charset=utf-8",
        ""             => "application/octet-stream",
        # 555
    )
    server.document-root           = "/var/www/html" 
    server.upload-dirs             = ("/var/cache/lighttpd/uploads")
    server.errorlog                = "/var/log/lighttpd/error.log" 
    server.pid-file                = "/var/run/lighttpd.pid" 
    server.username                = "www-data" 
    server.groupname               = "www-data" 
    server.port                    = 80
    server.http-parseopts          = (
        "header-strict"            => "enable",
        "host-strict"              => "enable",
        "host-normalize"           => "enable",
        "url-normalize-unreserved" => "enable",
        "url-normalize-required"   => "enable",
        # 5
        "url-ctrls-reject"         => "enable",
        "url-path-2f-decode"       => "enable",
        "url-path-dotseg-remove"   => "enable",
        # 8
    )
    index-file.names               = ("index.php", "index.html", "index.lighttpd.html")
    url.access-deny                = ("~", ".inc")
    static-file.exclude-extensions = (".php", ".pl", ".fcgi", ".py")
    compress.cache-dir             = "/var/cache/lighttpd/compress/" 
    compress.filetype              = ("application/javascript", "text/css", "text/html", "text/plain")
    server.modules                 = (
        "mod_indexfile",
        "mod_access",
        "mod_alias",
        "mod_redirect",
        "mod_cgi",
        "mod_compress",
        "mod_dirlisting",
        "mod_staticfile",
        # 8
    )

    $SERVER["socket"] == "[::]:80" {
        # block 1

    } # end of $SERVER["socket"] == "[::]:80" 

    $HTTP["url"] =~ "/cgi-bin/" {
        # block 2
        cgi.assign = (
            ".py" => "",
        )
        alias.url  = (
            "/cgi-bin/" => "/usr/lib/cgi-bin/",
        )

    } # end of $HTTP["url"] =~ "/cgi-bin/" 
}

I assume it's a permissions issue. The server is run under www-data and the user pi is a
member of the www-data group.

Could somebody let me know what I've missed please? (Or tell me what further info I can add
to the snippets below?)

Thanks!

Content of index.html

<html>
<form method="get">
  <button type="submit" formaction="tst1.py">Call tst1.py owned by user www-data</button>
  <button type="submit" formaction="tst2.py">Call tst2.py owned by user pi</button>
</form> 
</html>

Content of python files (tst1.py and tst2.py essentially identical)

#!/usr/bin/python3
#
import cgitb
cgitb.enable()

print ("Content-type:text/html")
print ("")
print ('<html>')
print ('<head>')
print ('<title>Testing</title>')
print ('</head>')
print ('<body>')
print ('<h2>tst1</h2>')
print ('</body>')
print ('</html>')

Ownership and permissions on python files

-rwxrwxr-x 1 www-data www-data  256 Apr 17 20:04 tst1.py
-rwxr-xr-x 1 pi       pi        256 Apr 17 20:03 tst2.py

Replies (3)

RE: Python CGI on Raspberry PI - File Permissions? - Added by gstrauss about 5 years ago

Maybe try:

        cgi.assign = (
            ".py" => "/usr/bin/python",
        )

Can you strace lighttpd to see what it tries before sending 403 Forbidden (presumably from static-file.exclude-extensions)?

Are you accessing the files http://my.site/cgi-bin/tst1.py?

[Solved] RE: Python CGI on Raspberry PI - File Permissions? - Added by jefff about 5 years ago

Thanks for the quick reply. I added in the /usr/bin/python3 as you suggested and it worked. The Python files have the #!/usr/bin/python3 line at the start meaning the server shouldn't need to know so I took it out of the config again and strangely it still worked. I've been fiddling around trying things I've found in other threads and forums so it's difficult to pin down what I've changed and when (I should know better from when I was employed writing code and versioning was necessary!)

Anyway, it works now so thanks again
Many regards
Jeff

RE: [Solved] Python CGI on Raspberry PI - File Permissions? - Added by gstrauss about 5 years ago

Sounds like you previously might not have actually restarted the running lighttpd to pick up the changed configuration.

(1-3/3)

Project

General

Profile

Lighttpd