Re: Can't get Sudo.pm to run my command but it works from a prompt

2006-10-05 Thread Derek B. Smith

--- RICHARD FERNANDEZ [EMAIL PROTECTED] wrote:

> Hi folks,
>
> I have the following in a CGI script:
>
>
> When this code gets run (via webpage) I get the following in the
> error_log:
>
> snip
>  output:
>  result: 256
>
> STDOUT:
> STDERR:
> We trust you have received the usual lecture from the local System
> Administrator. It usually boils down to these two things:
>
>     #1) Respect the privacy of others.
>     #2) Think before you type.
>
> Password:
>
> RC:
> /snip
>
> In other words, it seems to be asking for a password. However when I run
> this from a regular prompt as the webserver user, it works fine.
>
> I have a check for the UID in the script, and it's the right one. I also
> have NOPASSWD set in sudoers.
>
> Any help is appreciated.
> Thanks!
>
> richf
 

Did you edit the sudoers file using visudo -f file?
Show us the sudoers file using cat -etu file.
Has this user ever successfully logged in?

derek


-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
http://learn.perl.org/ http://learn.perl.org/first-response




RE: Can't get Sudo.pm to run my command but it works from a prompt

2006-10-05 Thread RICHARD FERNANDEZ
> Did you edit the sudoers file using visudo -f file?

Yes.

> Show us the sudoers file using cat -etu file.

# cat -etu /usr/local/etc/sudoers > /tmp/sudoers.richf
# less /tmp/sudoers.richf
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
snip

# User privilege specification
root ALL=ALL
webuser  ALL = (ALL) NOPASSWD: ALL


> Has this user ever successfully logged in?

Yes, the user is set up w/o a login shell, but in the course of testing
I've given him login access. Doesn't make a difference.

> derek

Thanks derek.







RE: Can't get Sudo.pm to run my command but it works from a prompt

2006-10-05 Thread Derek B. Smith
--- RICHARD FERNANDEZ [EMAIL PROTECTED] wrote:

>> Did you edit the sudoers file using visudo -f file?
>
> Yes.
>
>> Show us the sudoers file using cat -etu file.
>
> # cat -etu /usr/local/etc/sudoers > /tmp/sudoers.richf
> # less /tmp/sudoers.richf
> # sudoers file.
> #
> # This file MUST be edited with the 'visudo' command as root.
> snip
>
> # User privilege specification
> root ALL=ALL
> webuser  ALL = (ALL) NOPASSWD: ALL
>
>> Has this user ever successfully logged in?
>
> Yes, the user is set up w/o a login shell, but in the course of testing
> I've given him login access. Doesn't make a difference.
>
>> derek
>
> Thanks derek.


The cat -etu will show us any funky unneeded control characters.
If the user has never signed in and the admin never ran passwd user,
passwd -f user, and then that user never went in to make his/her
password permanent, then yes it would matter b/c the passwd is not set.

Here is a working sample on one of my work production systems:

ovuser  OVSYS = (root) NOPASSWD: /opt/OV/bin/, /opt/OV/bin/OpC/, \
    /opt/OV/bin/OpC/install/, /opt/OV/bin/OpC/utils/, \
    /opt/OV/contrib/OpC/, /data/data00/sbin/, \
    /data/data00/sbin/pre-exec/, /data/data00/sbin/post-exec/, \
    /sbin/init.d/smtp_message_interceptor, \
    /db/u01/app/oracle/product/9.2.0/bin/, /opt/OV/support/, \
    /var/opt/OV/bin/instrumentation/, /usr/local/ovo8x, \
    /usr/local/sbin/init.d/,/opt/CSCOpx/bin/, \
    sudoedit /etc/opt/OV/share/conf/C/filters







RE: Can't get Sudo.pm to run my command but it works from a prompt

2006-10-05 Thread RICHARD FERNANDEZ
> if the user has never signed in and the admin never ran
> passwd user passwd -f user and then that user never went into
> make his/her password permanent then yes it would matter b/c
> the passwd is not set.
 


I've gone in and set a passwd for the user. Then I actually logged in as
the user for grins.
Still no good. And, BTW, I'm restarting the webserver after every change
to the user to make sure the environment is what I think it is.

If a missing passwd was the issue, it should not have worked from the
command line either, or am I missing something?





Re: Can't get Sudo.pm to run my command but it works from a prompt

2006-10-05 Thread Mumia W.

On 10/05/2006 03:23 PM, RICHARD FERNANDEZ wrote:
>> if the user has never signed in and the admin never ran
>> passwd user passwd -f user and then that user never went into
>> make his/her password permanent then yes it would matter b/c
>> the passwd is not set.
>
> I've gone in and set a passwd for the user. Then I actually logged in as
> the user for grins.
> Still no good. And, BTW, I'm restarting the webserver after every change
> to the user to make sure the environment is what I think it is.
>
> If a missing passwd was the issue, it should not have worked from the
> command line either, or am I missing something?



Does the webserver have the proper permissions to invoke that sudo entry?







RE: Can't get Sudo.pm to run my command but it works from a prompt

2006-10-05 Thread RICHARD FERNANDEZ
 

From: Mumia W. [mailto:[EMAIL PROTECTED] 

> Does the webserver have the proper permissions to invoke that sudo
> entry?

AFAIK, yes. I don't think it would be asking for a password if it
couldn't run the binary. It just doesn't seem to be pulling the right
entry (webuser) out of the sudoers file, even though it's running as
webuser. I don't know what else I should be checking...

As a test, I temporarily replaced the call to Sudo.pm with a
system(/usr/local/bin/sudo...) and it failed the same way. Hmmm. Works
from the command line. Doesn't work from cgi-bin.

Looks like this may not, strictly speaking, be a Perl question any more,
but can anyone point me in the right direction?
I can definitely run things out of cgi-bin, otherwise I wouldn't have
gotten this far.

Thanks again!
richf 





Re: Can't get Sudo.pm to run my command but it works from a prompt

2006-10-05 Thread Igor Sutton
> Looks like this may not, strictly speaking, be a Perl question any more,
> but can anyone point me in the right direction?
> I can definitely run things out of cgi-bin, otherwise I wouldn't have
> gotten this far.


Most times, apache uses nobody or www user. Check if the user apache  
uses is mentioned in sudoers file.


--
Igor Sutton
[EMAIL PROTECTED]








RE: Can't get Sudo.pm to run my command but it works from a prompt

2006-10-05 Thread RICHARD FERNANDEZ
 

-----Original Message-----
From: Igor Sutton [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 05, 2006 8:17 PM
To: RICHARD FERNANDEZ
Cc: Beginners List
Subject: Re: Can't get Sudo.pm to run my command but it works from a prompt

>> Looks like this may not, strictly speaking, be a Perl question any
>> more, but can anyone point me in the right direction?
>> I can definitely run things out of cgi-bin, otherwise I wouldn't have
>> gotten this far.
>
> Most times, apache uses nobody or www user. Check if the user apache
> uses is mentioned in sudoers file.

The user listed in httpd.conf is webuser, the same user I have listed
in sudoers.






Re: Can't get Sudo.pm to run my command but it works from a prompt

2006-10-05 Thread Mumia W.

On 10/05/2006 07:10 PM, RICHARD FERNANDEZ wrote:
 

> From: Mumia W. [mailto:[EMAIL PROTECTED]
>
>> Does the webserver have the proper permissions to invoke that sudo
>> entry?
>
> AFAIK, yes. I don't think it would be asking for a password if it
> couldn't run the binary. It just doesn't seem to be pulling the right
> entry (webuser) out of the sudoers file, even though it's running as
> webuser. I don't know what else I should be checking...
>
> As a test, I temporarily replaced the call to Sudo.pm with a
> system(/usr/local/bin/sudo...) and it failed the same way. Hmmm. Works
> from the command line. Doesn't work from cgi-bin.
>
> Looks like this may not, strictly speaking, be a Perl question any more,
> but can anyone point me in the right direction?
> I can definitely run things out of cgi-bin, otherwise I wouldn't have
> gotten this far.
>
> Thanks again!
> richf



Go into sudoers and replace the name of the binary with the name of a
script that echoes the real and effective user and group ids.
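
A script of the kind suggested above, as an added example that is not part of the original thread: it reports the real and effective user and group ids, whether sudo set its environment variables, and whether stdin is a terminal, so a run from cgi-bin can be compared with a run from a prompt. The script name idreport.sh and both function names are assumptions.

```shell
#!/bin/sh
# Added diagnostic example; the name idreport.sh is hypothetical.
# Emits key=value lines so a cgi-bin run and a prompt run can be diffed.

id_report() {
    # Real vs effective ids: they differ when a setuid program changed
    # only the effective id before this process ran.
    printf 'ruid=%s euid=%s\n' "$(id -ru)" "$(id -u)"
    printf 'rgid=%s egid=%s\n' "$(id -rg)" "$(id -g)"
    printf 'user=%s groups=%s\n' "$(id -un)" "$(id -Gn | tr ' ' ',')"
    # sudo exports SUDO_USER and SUDO_COMMAND to the command it runs;
    # "unset" means this process was not started through sudo.
    printf 'sudo_user=%s\n' "${SUDO_USER:-unset}"
    printf 'sudo_command=%s\n' "${SUDO_COMMAND:-unset}"
    # A web server child normally has no terminal on stdin.
    if [ -t 0 ]; then echo 'stdin_tty=yes'; else echo 'stdin_tty=no'; fi
    printf 'path=%s\n' "${PATH:-unset}"
}

# Compare two saved reports: prints the differing lines and returns
# non-zero when the two runs did not see the same identity/environment.
compare_reports() {
    diff "$1" "$2"
}

id_report
```

While testing, listing only this script for webuser in sudoers, in the command-scoped style of the ovuser entry quoted earlier in the thread, keeps the test narrower than NOPASSWD: ALL.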








RE: Can't get Sudo.pm to run my command but it works from a prompt

2006-10-05 Thread RICHARD FERNANDEZ
From: Mumia W. [mailto:[EMAIL PROTECTED] 

> Go into sudoers and replace the name of the binary with the name of a
> script that echoes the real and effective user and group ids.

Thanks Mumia, and thanks to all who responded.

As it turns out, I was able to resolve the problem by replacing
'/bin/cp' with '/bin/mv'. Didn't think of it sooner, unfortunately. I'm
not sure why mv works and cp doesn't, especially since in my testing I
wasn't crossing filesystems. Everything I did was in /tmp.

Still, the problem has been resolved, yay!
Thanks again!!!

richf



