Thanks for you response jimmy, but unfortunately it did not change anything, the problem is still the same.
Sincerely Nonlin ----- Original Message ----- From: "Jimmy Schappet" <ji...@schappet.com> To: "nonlin" <non...@erols.com> Cc: "Bill Luebkert" <dbec...@roadrunner.com>; <perl-unix-users@listserv.ActiveState.com> Sent: Tuesday, November 03, 2009 10:07 AM Subject: Re: [Perl-unix-users] Permistion Problem when run from the Web > The part you missed in Bill's email "Write a shell script that is > setuid root" is the most important. > > > You need to chmod not to 755, but > chown root <filename> > chmod 4755 <filename> > > This tells Unix to run the script as the script owner. For more > details look at: > > http://www.everyjoe.com/newlinuxuser/explain-what-is-setuid-and-setgid/ > > > --Jimmy > > On Nov 3, 2009, at 8:47 AM, nonlin wrote: > > Dear Bill, > > Thanks for you fast response. > > Well, It seems close, but I have not gotten it to work yet. > > I made a shell script like you said: > /usr/bin/nltests/restart_sendmail.sh > #!/bin/sh > service sendmail restart > echo dun!!! > > I set the permissions to 755 > set File owner to root > set File group to root > > Modify my script to call it: > @results = `/usr/bin/nltests/restart_sendmail.sh`; > > and I am still having the same problem. > > I even tried to set the owner and group of the purl script to root > > just a little more info > > If I run restart_sendmail.sh from a terminal, it works > > I wrote a test sh script to just list the directory (ls) and that > works when > I call is from my purl script. > > So, do you have any other suggestions, or do you notice if you > overlooked > something or misunderstood some of your instructions. > > Sincerely, > > Nonlin > > ----- Original Message ----- > From: "Bill Luebkert" <dbec...@roadrunner.com> > To: "nonlin" <non...@erols.com> > Cc: <perl-unix-users@listserv.ActiveState.com> > Sent: Tuesday, November 03, 2009 5:22 AM > Subject: Re: [Perl-unix-users] Permistion Problem when run from the Web > > > > nonlin wrote: > >> Dear Friends, > >> > >> I know this is not directly a Unix problem but since this is > >> happening > >> in Fedora Lenix I though your the best group to help me with this > >> Issue. > >> > >> I need to execute some root level UNIX commands and access some root > >> level files from an script that is executed from the web. To be more > >> specific, the script I am writing needs to restart sendmail. > >> Example of > >> "restartemail.pl": > >> ------------ > >> #!/usr/bin/perl -- > >> > >> use CGI ':standard'; > >> > >> @results = `service sendmail restart`; > >> > >> print "@results\n"; > >> ------------ > >> > >> If I am login in as the root on the server and run this script, IT > >> WORKS > >> perfectly! > >> > >> But if I call this script over the web into a browser. It FAILS! > >> because > >> 550 Permission denied (real uid not trusted). > >> > >> Now, I know that this limitation was set up for my protection, but > >> I am > >> writing a script that don't let the user do what ever they want. The > >> script is in full control of what is happing on the server and not > >> the > >> user, so their is really no real risk hear. I just need to get around > >> this limitation to get the job dun. > >> > >> Does anyone know how to make this work. > > > > Write a shell script that is setuid root and call that script from > > your > > Perl script. Make sure you watch out for any possible misuses of the > > script and code around them. > > > > EG: > > Make a setuid script named restart_sendmail.sh that does the restart > > and > > store it somewhere appropriate (eg: /usr/bin, /usr/local/bin, ...) > > then > > call the shell script from the Perl script similar to what you were > > doing: > > > > @results = `/usr/bin/restart_sendmail.sh`; > > > > Or you can pass args like you were, but probably safer not to. You > > may > also > > want to verify sendmail isn't running the the script if sendmail > > doesn't > > want multiples running (unless sendmail already handles that itself). > > _______________________________________________ > Perl-Unix-Users mailing list > Perl-Unix-Users@listserv.ActiveState.com > To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs > _______________________________________________ Perl-Unix-Users mailing list Perl-Unix-Users@listserv.ActiveState.com To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
