I want to use Ruby CGI scripts on an Uberspace 7, but ran into several issues with permissions and security settings, in particular when using gems. How do I install CGI scripts with custom gems?
First, note that Uberspace 7 runs on SELinux. This means that CGI script files in ~/html/ not only have to be executable but also need the correct SELinux context. In this case, the type must be httpd_sys_content_t.
You can view the SELinux context with ls -lZ:
$ ls -Z file1
-rw-rw-r-- user1 group1 unconfined_u:object_r:user_home_t:s0 file1
If some files have the wrong context, the context can be restored with the restorecon command, e.g. restorecon -R ~/html/.
The user installation directory for Ruby gems is ~/.gem/. On Uberspace, gem install installs into that directory by default:
$ cat /etc/gemrc
gem: --no-document --user-install
As the home directory cannot be accessed by the apache process, gems installed there cannot be executed from CGI scripts. You can install gems in /var/www/virtual/$USER/gem instead. Create the directory with:
$ mkdir /var/www/virtual/$USER/gem
You cannot use the --install-dir parameter for gem install directly as this conflicts with the default parameters mentioned above:
$ gem install mygem --install-dir /var/www/virtual/$USER/gem
ERROR: Use --install-dir or --user-install but not both
Instead, create ~/.gemrc with the following content to override the default parameters (replace <USERNAME> with your actual user name):
gem: --install-dir /var/www/virtual/<USERNAME>/gem
Now the installation of gems should work:
$ gem install mygem
To use the gems in CGI scripts, set the Gem.paths variable before requiring gems:
#!/usr/bin/ruby
Gem.paths = { 'GEM_PATH' => '/var/www/virtual/<USERNAME>/gem' }
require 'mygem'
# (... rest of the script)
This is needed as we cannot modify the environment variables (i.e. set GEM_PATH) for the apache process.
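An added example, not part of the original answer: a Ruby check that reads listing lines in the ls -Z format shown above and reports files that lack the httpd_sys_content_t type or an execute bit. The function names and sample lines are constructed for illustration, and testing only the owner's execute bit is an assumption.

```ruby
# Added example: audit `ls -Z` lines ("mode user group context name", the
# format shown above) for the two conditions the answer names.
REQUIRED_TYPE = 'httpd_sys_content_t'

# SELinux context is user:role:type:level; the level may itself contain
# colons and commas (e.g. s0:c1,c2), so it is matched as "the rest".
CONTEXT_RE = /\A([^:\s]+):([^:\s]+):([^:\s]+):(\S+)\z/

Entry = Struct.new(:name, :mode, :type, :problems)

# Parse one listing line. Returns nil for anything that is not a file entry
# (blank lines, "total N", entries without a readable context).
def parse_ls_z(line)
  mode, _user, _group, context, name = line.strip.split(/\s+/, 5)
  return nil unless name && mode =~ /\A[-dlbcps][-rwxsStT]{9}[.+]?\z/
  m = CONTEXT_RE.match(context) or return nil
  Entry.new(name, mode, m[3], [])
end

# Returns every parsed entry; entry.problems is empty when the file is fine.
def audit(lines)
  lines.map { |l| parse_ls_z(l) }.compact.each do |e|
    unless e.type == REQUIRED_TYPE
      e.problems << "type #{e.type}, expected #{REQUIRED_TYPE} (run restorecon)"
    end
    # Assumption: only the owner execute bit of regular files is checked.
    if e.mode[0] == '-' && !'xs'.include?(e.mode[3])
      e.problems << 'not executable (chmod u+x)'
    end
  end
end

# Constructed sample input, not real output from an Uberspace host.
SAMPLE = <<~LS
  -rwxr-xr-x user1 group1 unconfined_u:object_r:httpd_sys_content_t:s0 ok.cgi
  -rwxr-xr-x user1 group1 unconfined_u:object_r:user_home_t:s0 moved.cgi
  -rw-r--r-- user1 group1 unconfined_u:object_r:httpd_sys_content_t:s0 noexec.cgi
LS

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLE.lines).each do |e|
    status = e.problems.empty? ? 'ok' : e.problems.join('; ')
    puts "#{e.name}: #{status}"
  end
end
```

A file moved into ~/html/ with mv keeps the context it had before, which is how a script ends up labelled user_home_t as in the second sample line.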