On a apache-webserver that runs SELinux, the apache user does not have sufficient permissions to execute GAMS (e.g., from a PHP script). This can be overcome by wrapping the GAMS call into a separate executable, which is then excluded from SELinux security:
#include <stdlib.h> #include <sys/types.h> #include <unistd.h> int main (int argc, char *argv[]) { setuid (0); /* WARNING: Only use an absolute path to the script to execute, * a malicious user might fool the binary and execute * arbitary commands if not. */ system ("gams /var/www/html/gams/model.gms"); return 0; }
gcc wrapper.c gams_root
gams_root
to root and give permissions to r+x all users.gams_root
:sudo chcon -t httpd_sys_content_t /var/www/html/gams sudo chcon -t httpd_sys_rw_content_t /var/www/html/gams
gams_root
binary from SELinux security:sudo chcon -t httpd_unconfined_script_exec_t /var/www/html/gams/gams_root