nonlin wrote:
> Dear Friends,
>
> I know this is not directly a Unix problem but since this is happening
> in Fedora Lenix I though your the best group to help me with this Issue.
>
> I need to execute some root level UNIX commands and access some root
> level files from an script that is executed from the web. To be more
> specific, the script I am writing needs to restart sendmail. Example of
> "restartemail.pl":
> ------------
> #!/usr/bin/perl --
>
> use CGI ':standard';
>
> @results = `service sendmail restart`;
>
> print "@results\n";
> ------------
>
> If I am login in as the root on the server and run this script, IT WORKS
> perfectly!
>
> But if I call this script over the web into a browser. It FAILS! because
> 550 Permission denied (real uid not trusted).
>
> Now, I know that this limitation was set up for my protection, but I am
> writing a script that don't let the user do what ever they want. The
> script is in full control of what is happing on the server and not the
> user, so their is really no real risk hear. I just need to get around
> this limitation to get the job dun.
>
> Does anyone know how to make this work.
Write a shell script that is setuid root and call that script from your
Perl script. Make sure you watch out for any possible misuses of the
script and code around them.
EG:
Make a setuid script named restart_sendmail.sh that does the restart and
store it somewhere appropriate (eg: /usr/bin, /usr/local/bin, ...) then
call the shell script from the Perl script similar to what you were doing:
@results = `/usr/bin/restart_sendmail.sh`;
Or you can pass args like you were, but probably safer not to. You may also
want to verify sendmail isn't running the the script if sendmail doesn't
want multiples running (unless sendmail already handles that itself).
_______________________________________________
Perl-Unix-Users mailing list
Perl-Unix-Users@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
