GAMS Support Wiki

Running GAMS under Apache on SELinux protected machine

On a apache-webserver that runs SELinux, the apache user does not have sufficient permissions to execute GAMS (e.g., from a PHP script). This can be overcome by wrapping the GAMS call into a separate executable, which is then excluded from SELinux security:

Create a wrapper C executable that will call GAMS in the GAMS system directory:

#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>
     
int main (int argc, char *argv[])
{
   setuid (0);
     
   /* WARNING: Only use an absolute path to the script to execute,
    *          a malicious user might fool the binary and execute
    *          arbitary commands if not.
    */
     
   system ("gams /var/www/html/gams/model.gms");
   return 0;
}

Compile the wrapper file, e.g., gcc wrapper.c gams_root
Change the owner of gams_root to root and give permissions to r+x all users.

Give apache read and write permissions on the folder that includes gams_root:

sudo chcon -t httpd_sys_content_t /var/www/html/gams
sudo chcon -t httpd_sys_rw_content_t /var/www/html/gams

Exclude gams_root binary from SELinux security:

sudo chcon -t httpd_unconfined_script_exec_t /var/www/html/gams/gams_root

GAMS Support Wiki

User Tools

Site Tools

Running GAMS under Apache on SELinux protected machine

Page Tools