You don't have to use mod_php.
php files can actually be used and run as CGI scripts, so suid can be set.

But Charlie is right that e-smith basically uses a perl infrastructure, so for
clarity's sake you'd be better off using perl.
Actually, I also believe perl to be superior for this task, as perl has many
functions for pattern matching / parsing and stuff which could be really
useful in log analysis.

Also, I think there are plenty of log analysis tools readily available;
webmin for one has one integrated, and a quick search of freshmeat.net or
sourceforge.net will probably turn up a lot more.


-----Original Message-----
From: Charlie Brady [mailto:[EMAIL PROTECTED]]
Sent: Friday, 17 August 2001 3:06
To: Darrell May
Cc: e-smith-devinfo
Subject: Re: [e-smith-devinfo] [DRAFT] phpLogViewer - open for
discussion



On Thu, 16 Aug 2001, Darrell May wrote:

> This is very much a first attempt but I'm working on creating php scripts
> to easily view server logs via the web.

I would have thought that PHP was a challenging choice for a task such as
this. There are security implications. Most important log files are not
readable by the web server process, they are only readable by root. PHP
(usually) runs inside the process of the web server, and therefore runs
with the web server's privileges, i.e. is unable to read the log files.

The e-smith manager scripts are perl scripts which do not run in the
context of the web server, but as separate processes. perl scripts can be
set up to be setuid, and run with the privileges of the owner of the
script, not whoever runs the script. They can therefore run with root's
privileges, and can therefore do things such as restart daemons, write
protected configuration files, read log files, etc. perl has an important
feature which allows this risky undertaking to be done with relative
safety. It will automatically tell you when you are doing something risky
with data that someone else provided, which therefore shouldn't be
trusted. This is called taint checking.

> In final deployment this could be built into the e-smith manager, be
> placed in a separate secured alias directory, ibay, whatever suits
> your individual wants.

If you look at the e-smith manager scripts, you'll see that there is some
perl infrastructure there (in the esmith::cgi perl module) to provide a
standard look and feel for manager scripts. That's yet one more reason for
trying perl. That's not to say that you couldn't use PHP.

> Comments are encouraged.  For any php expert how about taking a look at
> the initial script and giving me your thoughts on the best way to print a
> limited view, say last 100 lines.  I'd like to give the option of viewing
> the complete file or last 100 lines only.

The usual way to do this is to have a CGI variable to indicate which
behaviour you want from the script. You then set the value for the CGI
variable in the request URL. You can then either have two links for the
two behaviours, or have a default behaviour, with a link for the other
behaviour displayed when selected. For example, show the last 100 lines by
default, and include a link which will request display of the whole file.

It's rather ironic that you posted this today. This afternoon I was
discussing with one of the other developers here the value of having a
general log file viewer panel in the e-smith manager. It would come up
with a pick list of the log files, and an entry which allowed you to
select a pattern match to apply, and a submit button. The manager would
then display all of the chosen log file, or only lines which matched the
pattern, if you supplied one. Now, if only I had a few more hours each
day...

-- 

Charlie Brady                         [EMAIL PROTECTED]
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739



--
Please report bugs to [EMAIL PROTECTED]
Please mail [EMAIL PROTECTED] (only) to discuss security issues
Support for registered customers and partners to [EMAIL PROTECTED]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
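
The log viewer discussed in this thread, sketched with taint checking and a CGI variable for the 100-line view. This is an added example, not code from the thread or from e-smith; the log names and paths, the `log` and `view` parameter names, and the use of the CGI module are assumptions.

```perl
#!/usr/bin/perl -T
# Added example: taint-mode log viewer. Names and paths are hypothetical.
use strict;
use warnings;
use CGI ();

# Taint mode refuses to run external programs with an inherited PATH.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Allow-list: the request picks a key, never a path (assumed entries).
my %LOGS = (
    messages => '/var/log/messages',
    maillog  => '/var/log/maillog',
);

# Map a requested key to a fixed path; returns undef for anything else.
# Perl does not taint-check read-only opens, so this lookup, not -T alone,
# is what stops a request from naming an arbitrary file.
sub log_path {
    my ($key) = @_;
    return unless defined $key && $key =~ /\A(\w{1,32})\z/;
    return $LOGS{$1};    # $1 is untainted by the pattern match
}

# Return the last $n lines of a list, or all of them when $n is 0.
sub tail_lines {
    my ($n, @lines) = @_;
    return @lines if $n == 0 || $n >= @lines;
    return @lines[-$n .. -1];
}

sub main {
    my $q = CGI->new;
    print $q->header(-type => 'text/plain');

    my $path = log_path(scalar $q->param('log'));
    unless (defined $path) { print "Unknown log\n"; return }

    # view=all requests the whole file; the default is the last 100 lines.
    my $view = $q->param('view');
    my $n = (defined $view && $view eq 'all') ? 0 : 100;

    open(my $fh, '<', $path) or do { print "Cannot open log\n"; return };
    my @lines = <$fh>;
    close $fh;
    print tail_lines($n, @lines);
}

main() unless caller;
```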


