Hi Ken,
On Thu, 21 Apr 2016 10:47:08 -0700
Kenneth Wolcott <kennethwolc...@gmail.com> wrote:
> Hi;
>
> I try not to run my scripts with elevated privilege.
>
> But sometimes files, directories and filesystems need to be accessed
> via elevated privilege.
>
> So how to do this?
>
> If I'm logged in as an ordinary user and run a script (manually or
> under crontab), the "-d", "-f", "-r" type of file metadata queries are
> performed as me. What happens if I need to perform file metadata
> queries for files and/or directories that belong to root or somebody
> else where there is insufficient privilege to perform that function?
> I'd rather not have to use sudo to do this. What is a perl native
> method?
>
The way I understand the basic Unix permissions and privileges model (which is
before SELinux and other more complex stuff was introduced) the way you gain
root or other users privileges is by executing (using EXECVE - possibly after
forking first) an SUID or SGID executable which then runs as a process under
a new user.
This executable can be sudo, or "su" or something else entirely. "sudo" is a
configurable and flexible way to do that and probably will be the easiest
approach to provide with certain users with the permission to run certain perl
code (or other executables) as a different user.
But there is no built-in Perl magic bullet that can be used instead, as far as I
know.
Regards,
Shlomi Fish
--
To unsubscribe, e-mail: beginners-unsubscr...@perl.org
For additional commands, e-mail: beginners-h...@perl.org
http://learn.perl.org/
