RE: perl's system() w/ apache under win2k
Greetings.
-Original Message-
[...]
Apparently permissions on winNT is something
unexpected and new for those who are used to older win32 systems.
Moreover, error_log usually tells what the exact problem is when the
code is written properly to report errors (e.g., checking the return
status of system()). My guess is that this should work on winNT too.
I am a little late on this one (vacations) however, it may be of general
[win32] interest highlighting the fact that the allow service to interact
with desktop thingy is just the start
of a more general can of worms that Win{Nt,2K} permissions and general
system interaction open up.
(None of these is mp specific, so sue me :-) )
For documentation purposes I am listing my most popular pet peeves below:
i) allow service to interact with desktop
Not only an issue with GUI-enbled apps, but also with apps that like to use
popups (say, through
MsgBox) and hang forever waiting fot somebody to press OK
ii) Access to networked disks/resources
NT services, by default, run as user LocalSystem which is pretty powerful on
the local machine and
totally powerless network-wide. This means that most accesses to network
resources *WILL* fail UNLESS the service is being told to impersonate a
specific user, whose password must be known and typed in the like-labeled
entry. If this course of action is chosen, then a special user should be
created for this purpose: this will prevent mysterious failures when a
sysadmin changes a password...But read on.
iii) DCOM configuration.
This can kick in for applications using out-of-process COM servers, most
often after the impersonation thing (see (ii)) has been set up. The fact
that DCOM is involved is a little puzzling, however WinNT and siblings
enforce DCOM security rules also across process boundaries.
Basically, one needs to be sure that the user (LocalSystem or whatever) that
the apache service impersonates is also in the access/launch/configure list
for the needed COM servers (this is tipically the default security list, but
an application is permitted to specify its own).
Sounds horrid enough? Wait 'til you've seen the interface of DCOMCNFG.exe -
the application that is used to configure DCOM security... (by the way, to
invoke this one, ypu need to type dcomcnfg in the Start-Run... dialog. It
is not on any menu/control panel applet I know of).
iv) Mounted drives
Drives that are permanently assigned a letter will not be available when
noone is logged on -
this cannot be solved by impersonation and I do not know wether a workaround
is available.
Finding these pitfalls is particularly tricky because they tend to disappear
if someone is logged on the machine, or if apache is run manually rather
than as a service etc. With regard to point (iii) it is interesting to note
that IIS works around it by creating a special user it runs under
(IUSR_fubar).
Cheers,
alf
Re: perl's system() w/ apache under win2k
Terra Info wrote: 2) a probable answer anyhow- [...] Check to see if the user you run apache under is allowed to interact with the desktop. It should be in the services CPL applet under the entry for that service. Check that and restart the service. A related problem that I stumbled upon recently with a mod_perl program on WinNT is that the Win32::Shortcut module (used to create Windows shortcuts, a bit (but not much) like Unix links) doesn't work unless the Apache service is allowed to Interact with the Desktop. - Steve
Re: perl's system() w/ apache under win2k
Doh! I avoid doing system calls to external apps like the plague so I forget things like that. Thanks for catching it, Tom Stas Bekman wrote: Terra Info wrote: [...] application. If you would like to take output from that application then you should write to STDOUT all text you want the perl application to see as a return value from your system() call or `` (backticks) call. you probably meant qx(), as system doesn't return the sub-process' STDOUT, but only the exec status. __ Stas BekmanJAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide --- http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com -- - Terra Novum Research [EMAIL PROTECTED] www.terranovum.com (617) 923-4132 PO Box 362 Watertown, MA 02471-0362 Nothing's so loud, as hearing when we lie; the truth is not kind, and you've said neither am I. - Glenn Philips
Re: perl's system() w/ apache under win2k
On Fri, 3 Jan 2003, Stas Bekman wrote: Terra Info wrote: Two things: 1) this is not the list for this question. 2) a probable answer anyhow- If that's a real pitfall and it's doomed to be a recurrent question, can we please document this under win32/? Also, Randy, it seems that there is whole lot of win32 issues which apply to all mod_perl versions (per our faq discussion), so rather than duplicating them in docs/1.0/os/win32 and docs/2.0/os/win32, we should probably have an area for general win32 issues, e.g. docs/general/os/win32 and point to it from both 1.0 and 2.0. That's a good idea - there are general issues like that. I'll look into creating this. -- best regards, randy
Re: perl's system() w/ apache under win2k
Two things: 1) this is not the list for this question. 2) a probable answer anyhow- The issue is not file permissions (per se) or anything like that. It is the way WinNT and up is built. What you were doing in Win 98 worked because apps all ran in the same user space. Despite logging into a 98 machine you were really executing all programs as the default user and inside that users memory space. That happened to be, for the most part, shared by almost everything else running on the system. Hence when you ran a gui app from within apache the system would display the gui part of it on the screen. Instead of going into how WinNT and up is designed (go over to mikeysoft's site and you may see something there or maybe a MCSE book on Win2K will have the design philosophy in it) let's just skip to the possible fix. Check to see if the user you run apache under is allowed to interact with the desktop. It should be in the services CPL applet under the entry for that service. Check that and restart the service. This may allow your app to run but I doubt it. Also, keep in mind this is not secure at all and your best bet is to see if the app you are running has a /quiet switch or something that will keep it from trying to paint any dialog boxes. If you wrote that app then you should put a hook into it that will allow that option (obviously adding the code to bypass init'n the gui code) and then execute it with that option. Tom Philip Fibiger wrote: Hello all, I've got a pretty simple perl script that used to run on a windows 98 machine running apache just fine. It would use system() to launch a windows app that has a graphical display to sync a ms-sql database to a mysql one. Anyway, it's been replaced by a new machine running win2k, and I'm having some problems. When I attempt to use system() to execute the program under win2k, the program appears to start (it shows up in the task list) but it never gets past that point. The same thing happens with any program that has a gui. I checked permissions, and I can log in w/ the same account apache uses, and I can execute the program just fine. Is there some permissions issue, or some alternate way of launching the program via perl that i'm not seeing? Thanks! Philip -- - Terra Novum Research [EMAIL PROTECTED] www.terranovum.com (617) 923-4132 PO Box 362 Watertown, MA 02471-0362 Nothing's so cold as closing the heart when all we need is to free the soul, but we wouldn't be that brave I know. - Glenn Philips
Re: perl's system() w/ apache under win2k
Terra Info wrote: Two things: 1) this is not the list for this question. 2) a probable answer anyhow- If that's a real pitfall and it's doomed to be a recurrent question, can we please document this under win32/? Also, Randy, it seems that there is whole lot of win32 issues which apply to all mod_perl versions (per our faq discussion), so rather than duplicating them in docs/1.0/os/win32 and docs/2.0/os/win32, we should probably have an area for general win32 issues, e.g. docs/general/os/win32 and point to it from both 1.0 and 2.0. The issue is not file permissions (per se) or anything like that. It is the way WinNT and up is built. What you were doing in Win 98 worked because apps all ran in the same user space. Despite logging into a 98 machine you were really executing all programs as the default user and inside that users memory space. That happened to be, for the most part, shared by almost everything else running on the system. Hence when you ran a gui app from within apache the system would display the gui part of it on the screen. Instead of going into how WinNT and up is designed (go over to mikeysoft's site and you may see something there or maybe a MCSE book on Win2K will have the design philosophy in it) let's just skip to the possible fix. Check to see if the user you run apache under is allowed to interact with the desktop. It should be in the services CPL applet under the entry for that service. Check that and restart the service. This may allow your app to run but I doubt it. Also, keep in mind this is not secure at all and your best bet is to see if the app you are running has a /quiet switch or something that will keep it from trying to paint any dialog boxes. If you wrote that app then you should put a hook into it that will allow that option (obviously adding the code to bypass init'n the gui code) and then execute it with that option. Tom Philip Fibiger wrote: Hello all, I've got a pretty simple perl script that used to run on a windows 98 machine running apache just fine. It would use system() to launch a windows app that has a graphical display to sync a ms-sql database to a mysql one. Anyway, it's been replaced by a new machine running win2k, and I'm having some problems. When I attempt to use system() to execute the program under win2k, the program appears to start (it shows up in the task list) but it never gets past that point. The same thing happens with any program that has a gui. I checked permissions, and I can log in w/ the same account apache uses, and I can execute the program just fine. Is there some permissions issue, or some alternate way of launching the program via perl that i'm not seeing? Thanks! Philip -- __ Stas BekmanJAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide --- http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com
Re: perl's system() w/ apache under win2k
I will write up a more publically palatable version of the below and post it for someone more intimately associated with the docs and development to merge into the tree. Keep in mind that this is an issue not just for MP but also any CGI script or frankly any service that allows execution of external binaries that try to initialize and display GUI components. Although I have not tested it, I would imagine that this would be an issue on a Unix/linix variant as well as the design of the OS is similar to WinNT and up. Or the other way around if you want to follow the timeline correctly ;-}. Tom Stas Bekman wrote: Terra Info wrote: Two things: 1) this is not the list for this question. 2) a probable answer anyhow- If that's a real pitfall and it's doomed to be a recurrent question, can we please document this under win32/? Also, Randy, it seems that there is whole lot of win32 issues which apply to all mod_perl versions (per our faq discussion), so rather than duplicating them in docs/1.0/os/win32 and docs/2.0/os/win32, we should probably have an area for general win32 issues, e.g. docs/general/os/win32 and point to it from both 1.0 and 2.0. The issue is not file permissions (per se) or anything like that. It is the way WinNT and up is built. What you were doing in Win 98 worked because apps all ran in the same user space. Despite logging into a 98 machine you were really executing all programs as the default user and inside that users memory space. That happened to be, for the most part, shared by almost everything else running on the system. Hence when you ran a gui app from within apache the system would display the gui part of it on the screen. Instead of going into how WinNT and up is designed (go over to mikeysoft's site and you may see something there or maybe a MCSE book on Win2K will have the design philosophy in it) let's just skip to the possible fix. Check to see if the user you run apache under is allowed to interact with the desktop. It should be in the services CPL applet under the entry for that service. Check that and restart the service. This may allow your app to run but I doubt it. Also, keep in mind this is not secure at all and your best bet is to see if the app you are running has a /quiet switch or something that will keep it from trying to paint any dialog boxes. If you wrote that app then you should put a hook into it that will allow that option (obviously adding the code to bypass init'n the gui code) and then execute it with that option. Tom Philip Fibiger wrote: Hello all, I've got a pretty simple perl script that used to run on a windows 98 machine running apache just fine. It would use system() to launch a windows app that has a graphical display to sync a ms-sql database to a mysql one. Anyway, it's been replaced by a new machine running win2k, and I'm having some problems. When I attempt to use system() to execute the program under win2k, the program appears to start (it shows up in the task list) but it never gets past that point. The same thing happens with any program that has a gui. I checked permissions, and I can log in w/ the same account apache uses, and I can execute the program just fine. Is there some permissions issue, or some alternate way of launching the program via perl that i'm not seeing? Thanks! Philip -- - Terra Novum Research [EMAIL PROTECTED] www.terranovum.com (617) 923-4132 PO Box 362 Watertown, MA 02471-0362 In time-keeping, in trading, in fighting, men counted numbers; and finally, as the habit grew, only numbers counted. Lewis Mumford
Re: perl's system() w/ apache under win2k
Terra Info wrote: I will write up a more publically palatable version of the below and post it for someone more intimately associated with the docs and development to merge into the tree. Great, thank you! Keep in mind that this is an issue not just for MP but also any CGI script or frankly any service that allows execution of external binaries that try to initialize and display GUI components. Although I have not tested it, I would imagine that this would be an issue on a Unix/linix variant as well as the design of the OS is similar to WinNT and up. Or the other way around if you want to follow the timeline correctly ;-}. I believe that Unix users are aware of this issue from the very first steps of using the system and therefore we hardly ever see this kind of questions on this list. Apparently permissions on winNT is something unexpected and new for those who are used to older win32 systems. Moreover, error_log usually tells what the exact problem is when the code is written properly to report errors (e.g., checking the return status of system()). My guess is that this should work on winNT too. If there are similar issues with MacOS X or other platforms, please send the info in, so we will add it to the docs. Though my guess is that MacOS X is based on FreeBSD and therefore all the normal Unix perms concepts apply as is. Correct me if I'm wrong. __ Stas BekmanJAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide --- http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com
Re: perl's system() w/ apache under win2k
Here is that doc addition: Why can't my scripts execute external programs with GUI frontends from within Apache/mod_perl when I could under Win9.x? The issue is not an Apache/mod_perl issue per se. Any service that allows execution of external binaries that try to initialize and display GUI components will have problems under OSs like Windows 2K+, Unix, Linux and MacOS X. This would have worked in Win 98 because apps all run in the same user space (under the same user ID). Those resources happened to be, for the most part, linked to almost everything else running on the system. Hence when you ran a gui app from within Apache the system would display the gui part of it on the screen. The OS saw no difference between the web server running in the background and the user's desktop. The best way to deal with this is to see if the application you are trying to run has a /quiet switch or something that will keep it from trying to draw any GUI components/dialog boxes to the screen. If you wrote the application you are trying to execute then you should put a hook into it that will allow that option (obviously adding the code to bypass the gui code) and then execute it with the new option. The best way to execute programs under Perl's system call is to write a console application. If you would like to take output from that application then you should write to STDOUT all text you want the perl application to see as a return value from your system() call or `` (backticks) call. Tom Stas Bekman wrote: Terra Info wrote: I will write up a more publically palatable version of the below and post it for someone more intimately associated with the docs and development to merge into the tree. Great, thank you! Keep in mind that this is an issue not just for MP but also any CGI script or frankly any service that allows execution of external binaries that try to initialize and display GUI components. Although I have not tested it, I would imagine that this would be an issue on a Unix/linix variant as well as the design of the OS is similar to WinNT and up. Or the other way around if you want to follow the timeline correctly ;-}. I believe that Unix users are aware of this issue from the very first steps of using the system and therefore we hardly ever see this kind of questions on this list. Apparently permissions on winNT is something unexpected and new for those who are used to older win32 systems. Moreover, error_log usually tells what the exact problem is when the code is written properly to report errors (e.g., checking the return status of system()). My guess is that this should work on winNT too. If there are similar issues with MacOS X or other platforms, please send the info in, so we will add it to the docs. Though my guess is that MacOS X is based on FreeBSD and therefore all the normal Unix perms concepts apply as is. Correct me if I'm wrong. __ Stas Bekman JAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide --- http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com -- - Terra Novum Research [EMAIL PROTECTED] www.terranovum.com (617) 923-4132 PO Box 362 Watertown, MA 02471-0362 "The wireless telegraph is not difficult to understand. The ordinary telegraph is like a very long cat. You pull the tail in New York, and it meows in Los Angeles. The wireless is the same, only without the cat." -- Einstein
Re: perl's system() w/ apache under win2k
Terra Info wrote: [...] application. If you would like to take output from that application then you should write to STDOUT all text you want the perl application to see as a return value from your system() call or `` (backticks) call. you probably meant qx(), as system doesn't return the sub-process' STDOUT, but only the exec status. __ Stas BekmanJAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide --- http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com
