su from Perl/CGI ??? 
Author Message
 su from Perl/CGI ???

My perl/CGI has to copy file into particular directory on the web
server.

My web server runs under nobody id and has no rights to write to the
destination directory. So looks like I need to do system("su ..."); to
another account (which has all the permissions) and do the copy.

Can anybody tell me how to do this? I read something about 'expect
scripts' in newsgourps, but couldn't find any explanations in
documentation.

Please help! Thank you in advance.

Vladimir.

Sent via Deja.com http://www.*-*-*.com/
Before you buy.



Wed, 18 Jun 1902 08:00:00 GMT  
 su from Perl/CGI ???

Quote:

> My perl/CGI has to copy file into particular directory on the web
> server.

> My web server runs under nobody id and has no rights to write to the
> destination directory. So looks like I need to do system("su ..."); to
> another account (which has all the permissions) and do the copy.

> Can anybody tell me how to do this? I read something about 'expect
> scripts' in newsgourps, but couldn't find any explanations in
> documentation.

expect (tcl) would be one way,
http://expect.nist.gov

Expect.pm another,
http://www.cpan.org/authors/id/AUSCHUTZ/Expect.pm-1.07.tar.gz

but sudo would probably be a better solution.
http://www.courtesan.com/sudo

-Adrian Hands
Raleigh, NC



Wed, 18 Jun 1902 08:00:00 GMT  
 su from Perl/CGI ???

Quote:

> expect (tcl) would be one way,
> http://expect.nist.gov

> Expect.pm another,
> http://www.cpan.org/authors/id/AUSCHUTZ/Expect.pm-1.07.tar.gz

> but sudo would probably be a better solution.
> http://www.courtesan.com/sudo

Or have your system adminstrator make your script "setuid".  The
"sudo" approach is safer.  When your the file permissions on your CGI
are "setuid", then the script has the permissions of owner of the
script.  So if you want your script to have the permissions of the
"foo" account,

        chown foo myCGI.pl
        chmod u+s myCGI.pl

Now your script runs as though the "foo" account is running it.
Security concerns come into play because if your script has a security
hole in it, anyone running your script can access/write/delete files
owned by "foo".  For example if your web directory tree is all owned
by the same user, someone might be able to use your script as a means
of deleting all the web files.

When your make your file "setuid" Perl goes into 'taint' mode (see
perldoc perlsec) which checks for the possible security holes, often
forcing you to filter your incoming data so that your script passes
the taint checking.

-James
--
James Peregrino
Harvard Div. Continuing Education



Wed, 18 Jun 1902 08:00:00 GMT  
 
 [ 3 post ] 

 Relevant Pages 

1. to su copy file, out of su

2. System call to UNIX su fails (CGI script)

3. system su'ing in perl

4. perform a su - [user] in perl

5. su and perl

6. Perl, /bin/su question

7. su another user in my perl program

8. system su'ing in perl

9. Taintedness problems from su shell.

10. Logging of "su"

11. linux: starting apache as su

12. Passing password to su command

 

 
Powered by phpBB® Forum Software