 |
 |
Can Apache run a script as root?
|
|
|
|
|
Addicted to MacNN
Join Date: Sep 2000
Status:
Offline
|
|
I have a perl script, that needs to be run as root. in fact it starts as
Code:
#!/usr/bin/perl -U
#-U necessary to run Unsafe setuid scripts, otherwise setuid operation may fail
So I chown root and chmod 4755 script.cgi
Now when I run the script via perl, I get a 500 error.
When I chmod to 755 as normal, it runs fine (but doesn't do what it's supposed to, since it's not root).
So how can I get it running as root?
|
I always use protection when fscking my Mac... Do you?
|
| |
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Sep 2002
Status:
Offline
|
|
I can't help with solving the problem, but why does this script need to run
a) as root
b) in unsafe mode?
According to the perlrun manpage, unsafe mode permits directories to be unlinked, and also stops taint errors being fatal. The second is something you really don't want on a script which is going to be run by a webserver.
|
|
|
| |
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Sep 2000
Status:
Offline
|
|
Originally posted by Richard Edgar:
I can't help with solving the problem, but why does this script need to run
a) as root
b) in unsafe mode?
According to the perlrun manpage, unsafe mode permits directories to be unlinked, and also stops taint errors being fatal. The second is something you really don't want on a script which is going to be run by a webserver.
It's on my file server. I'm doing this so that the script can allow users to change their password for the shell, and samba.
|
I always use protection when fscking my Mac... Do you?
|
| |
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Sep 2000
Status:
Offline
|
|
Anyone know how to do it? It's a must.
|
I always use protection when fscking my Mac... Do you?
|
| |
|
|
|
|
|
|
|
Senior User
Join Date: May 2001
Status:
Offline
|
|
Originally posted by macvillage.net:
Anyone know how to do it? It's a must.
You know, you could have gone to Google, gotten a page of results, and read the first goddamed link in about two minutes.
I've spent longer composing this post than I did finding that page and reading it.
Allow me to quote:
I think you can't get out of tainted mode under mod_perl.
You will have a big security role if you quit tainted mode.
Perhaps you could ask the mod_perl mailing list, which would be able to answer your question rather quickly, instead of the MacNN Forums - Mac OS X web forum, which isn't even the right place to ask.
|
|
|
| |
|
|
|
|
|
|
|
Senior User
Join Date: Apr 2001
Location: Cary, NC
Status:
Offline
|
|
Moose needs to take a chill pill....
See http://forums.macnn.com/showthread.p...t=root+AND+cgi
I was able to figure it out from that... you have to write a C wrapper program I think it was.... of course I can't find my example of this anymore, so I'd be starting over from that thread to figure it out again.
Mike
|
|
|
| |
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Sep 2000
Status:
Offline
|
|
Thanks Mike... I think that's getting me on the right track.
Code:
#define REAL_PATH "/Volumes/Users/webserver/public_html/password/backend.cgi"
main(ac, av)
char **av;
{
execv(REAL_PATH, av);
}
Is what I used for the wrapper.
the wrapper is named index.cgi
and the perl is named backend.cgi
I chmod the index.cgi to 4755 and chown to root:sys
I cmod the backend.cgi to 755 and chown to root:sys.
When I run it, the script is owned by "www".. not "root".
Why is that/ Shouldn't index.cgi be executed as root... and be running backend.cgi as root?
|
I always use protection when fscking my Mac... Do you?
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
|
Top
