Re: Restarting Apache2.2 from PERL

2007-08-29 Thread Frank Wiles 
On Wed, 29 Aug 2007 13:23:30 +0100
John ORourke <[EMAIL PROTECTED]> wrote:

> Matthieu FEREYRE wrote:
> >
> > kill -USR1 apache_pid
> >
> > do that extremly well but apache doesn't have the rights to launch
> > it from perl !
> >
> 
> Try writing a script which does it - eg.
> 
> #!/bin/sh
> /etc/init.d/apache restart
> 
> put that somewhere and make it setuid root, then in your perl code
> call
> 
> system("/path/to/your/script &");
> 
> which would launch it in the background and return control sensibly,
> I think.
> 
> The 2 flaws are [1] you have no way to feed back success to the user
> - you could put a Refresh header in the returned page to jump to a
> status page - and [2] any script or user on your server would be able
> to restart it by running the setuid root script.

  While that definitely will work, there is a better solution from 
  a security perspective.  You write a small daemon that either 
  accepts simple messages via IP or a local socket, or just simply
  looks for the existence of some file
  '/home/httpd/restart-apache.now'. 

  When the daemon receives the message or spots the file on disk 
  it could handle the restart for you.  Sure there is a bit of
  a delay compared to issuing your own sigkill, but you don't have
  as much exposure. 

 ---
   Frank Wiles, Revolution Systems, LLC. 
 Personal : [EMAIL PROTECTED]  http://www.wiles.org
 Work : [EMAIL PROTECTED] http://www.revsys.com

Re: Restarting Apache2.2 from PERL

2007-08-29 Thread John ORourke 

Matthieu FEREYRE wrote:


kill -USR1 apache_pid

do that extremly well but apache doesn't have the rights to launch it 
from perl !




Try writing a script which does it - eg.

#!/bin/sh
/etc/init.d/apache restart

put that somewhere and make it setuid root, then in your perl code call

system("/path/to/your/script &");

which would launch it in the background and return control sensibly, I 
think.


The 2 flaws are [1] you have no way to feed back success to the user - 
you could put a Refresh header in the returned page to jump to a status 
page - and [2] any script or user on your server would be able to 
restart it by running the setuid root script.


cheers
John

Réf. : Re: Restarting Apache2.2 from PERL

2007-08-29 Thread Matthieu FEREYRE 
The point of that is to restart apache from a web adress like 
http://my_server/restart (after authentification)
The function :
kill -USR1 apache_pid
do that extremly well but apache doesn't have the rights to launch it from 
perl !
(because the ppid of apache is launched by root)






Stephane GUIBOUD-RIBAUD <[EMAIL PROTECTED]>

29/08/2007 13:56
Remis le : 29/08/2007 13:57

 
Pour :  modperl@perl.apache.org
cc :(ccc : Matthieu FEREYRE/DSEC/SAGEM)
Objet : Re: Restarting Apache2.2 from PERL



It's like a suicide ?
If you kill Apache, you kill yourself.

Probably, you can create a detached process from your script that will
be in charge of making the stuff.

Take care about OS you are running perl on to do this.

Regards

Matthieu FEREYRE a écrit :
> Is it possible to restart Apache from a perl script (executed by Apache) 
?
> 
> I tried to send a Kill system command with no success.
> 
> Any idea ?
> 
> FEREYRE Matthieu
> 
> " Ce courriel et les documents qui y sont attaches peuvent contenir des 
> informations confidentielles. Si vous n'etes pas le destinataire 
> escompte, merci d'en informer l'expediteur immediatement et de detruire 
> ce courriel ainsi que tous les documents attaches de votre systeme 
> informatique. Toute divulgation, distribution ou copie du present 
> courriel et des documents attaches sans autorisation prealable de son 
> emetteur est interdite."
> 
> " This e-mail and any attached documents may contain confidential or 
> proprietary information. If you are not the intended recipient, please 
> advise the sender immediately and delete this e-mail and all attached 
> documents from your computer system. Any unauthorised disclosure, 
> distribution or copying hereof is prohibited."
> 





" Ce courriel et les documents qui y sont attaches peuvent contenir des 
informations confidentielles. Si vous n'etes  pas le destinataire escompte, 
merci d'en informer l'expediteur immediatement et de detruire ce courriel  
ainsi que tous les documents attaches de votre systeme informatique. Toute 
divulgation, distribution ou copie du present courriel et des documents 
attaches sans autorisation prealable de son emetteur est interdite." 

" This e-mail and any attached documents may contain confidential or 
proprietary information. If you are not the intended recipient, please advise 
the sender immediately and delete this e-mail and all attached documents from 
your computer system. Any unauthorised disclosure, distribution or copying 
hereof is prohibited."

Re: Restarting Apache2.2 from PERL

2007-08-29 Thread Stephane GUIBOUD-RIBAUD 

It's like a suicide ?
If you kill Apache, you kill yourself.

Probably, you can create a detached process from your script that will
be in charge of making the stuff.

Take care about OS you are running perl on to do this.

Regards

Matthieu FEREYRE a écrit :

Is it possible to restart Apache from a perl script (executed by Apache) ?

I tried to send a Kill system command with no success.

Any idea ?

FEREYRE Matthieu

" Ce courriel et les documents qui y sont attaches peuvent contenir des 
informations confidentielles. Si vous n'etes pas le destinataire 
escompte, merci d'en informer l'expediteur immediatement et de detruire 
ce courriel ainsi que tous les documents attaches de votre systeme 
informatique. Toute divulgation, distribution ou copie du present 
courriel et des documents attaches sans autorisation prealable de son 
emetteur est interdite."


" This e-mail and any attached documents may contain confidential or 
proprietary information. If you are not the intended recipient, please 
advise the sender immediately and delete this e-mail and all attached 
documents from your computer system. Any unauthorised disclosure, 
distribution or copying hereof is prohibited."

Restarting Apache2.2 from PERL

2007-08-29 Thread Matthieu FEREYRE 
Is it possible to restart Apache from a perl script (executed by Apache) ?
I tried to send a Kill system command with no success.
Any idea ?
FEREYRE Matthieu


" Ce courriel et les documents qui y sont attaches peuvent contenir des 
informations confidentielles. Si vous n'etes  pas le destinataire escompte, 
merci d'en informer l'expediteur immediatement et de detruire ce courriel  
ainsi que tous les documents attaches de votre systeme informatique. Toute 
divulgation, distribution ou copie du present courriel et des documents 
attaches sans autorisation prealable de son emetteur est interdite." 

" This e-mail and any attached documents may contain confidential or 
proprietary information. If you are not the intended recipient, please advise 
the sender immediately and delete this e-mail and all attached documents from 
your computer system. Any unauthorised disclosure, distribution or copying 
hereof is prohibited."