Posted to modperl@perl.apache.org by "Bheema Rao Merugu, BSC, Ambattur, Chennai" <bh...@crm.hcltech.com> on 2004/06/01 06:54:33 UTC

RE: mod_perl not able to run some pl files.

Hi,

  I am sorry, please find the output that you are asking for.

  #  find /usr/local/apache/lib -name CGI.pm -ls
  372763  228 -rwxrwxrwx  1 root     system     230097 May 27 16:50
/usr/local/apache/lib/perl5/5.8.3/CGI.pm

Thanks,
Bheema.

-----Original Message-----
From: Brian Reichert [mailto:reichert@numachi.com]
Sent: Monday, May 31, 2004 9:52 PM
To: Bheema Rao Merugu, BSC, Ambattur, Chennai
Cc: Brian Reichert; Tom Schindl; Perrin Harkins; mod_perl
Subject: Re: mod_perl not able to run some pl files.


On Mon, May 31, 2004 at 01:19:22PM +0530, Bheema Rao Merugu, BSC,
Ambattur, Chennai wrote:
> Hi,
> 
>    I have noticed one thing while running the perl files.
> 
>    in my httpd.conf the user and group names are 
>    User nobody
>    Group nobody	
>    if I change Group name as system
>    User nobody
>    Group system
>    perl files are running fine without any error; it's giving the
>    problem when I am running with group as 'nobody'

Something I had suggested earlier:

> For example, is there a file called CGI.pm somewhere under that
> perl tree?
> 
>   find /usr/local/apache/lib -name CGI.pm -ls
> 
> What are the permissions on it?  If you installed as root, but had
> a restrictive umask, it may not be world-readable, which would
> thwart the apache process from reading it.

I'm guessing that it's group readable.  But we'll never know, if
you don't answer the questions I asked. :/

> Thanks,
> Bheema.

-- 
Brian Reichert				<re...@numachi.com>
37 Crystal Ave. #303			Daytime number: (603) 434-6842
Derry NH 03038-1713 USA			BSD admin/developer at large	

-- 
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html


Re: mod_perl not able to run some pl files.

Posted by Stas Bekman <st...@stason.org>.
Brian Reichert wrote:
> On Tue, Jun 01, 2004 at 10:24:33AM +0530, Bheema Rao Merugu, BSC, Ambattur, Chennai wrote:
> 
>>Hi,
>>
>>  I am sorry, please find the output that you are asking for.
>>
>>  #  find /usr/local/apache/lib -name CGI.pm -ls
>>  372763  228 -rwxrwxrwx  1 root     system     230097 May 27 16:50
>>/usr/local/apache/lib/perl5/5.8.3/CGI.pm
> 
> 
> Egads: a root-owned file that's world-writable?!  That's _very_ uncool.
> 
> If merely changing the group the web server runs as suddenly
> makes things work, it still leads me to think that the permissions
> are off in your Perl tree.
> 
> Perl does not install modules world-writable; I think that someone
> changed permissions on this file, after the fact. :/
> 
> If any component in the path /usr/local/apache/lib/perl5/5.8.3/CGI.pm
> is not world-readable, or, in the case of a directory, world-executable,
> then user/group nobody/nobody won't be able to read the file.
> 
> But this file should certainly not be world-writable.

We had to deal with similar problems in Apache-Test. After many rewrites the 
following code is used to check whether some directory is -rwx by a certain 
user. You can adjust it to just check for -rx. It emulates the exact thing 
that happens when Apache spawns child processes and drops root privileges.

Just like Apache, this is run as root, and you need to add $uid and $gid of 
the user the server is running under. $dir is the dir you want to check:

perl -MApache::TestRun -e 'eval { Apache::TestRun::run_root_fs_test($uid, $gid, q[$dir]) }';

You can get the two vars from the username:

my($uid, $gid) = (getpwnam($user))[2..3];

And this is the actual test sub:

# catfile() comes from File::Spec::Functions
use File::Spec::Functions qw(catfile);

# this sub is executed from an external process only, since it
# "sudo"'s into a uid/gid of choice
sub run_root_fs_test {
     my($uid, $gid, $dir) = @_;

     # first must change gid and egid ("$gid $gid" for an empty
     # setgroups() call as explained in perlvar.pod)
     my $groups = "$gid $gid";
     $( = $) = $groups;
     die "failed to change gid to $gid"
         unless $( eq $groups && $) eq $groups;

     # only now can change uid and euid
     $< = $> = $uid+0;
     die "failed to change uid to $uid" unless $< == $uid && $> == $uid;

     # int(rand) is always 0, so give rand a range for a real random suffix
     my $file = catfile $dir, ".apache-test-file-$$-".time.int(rand 10000);
     eval "END { unlink q[$file] }";

     # unfortunately we can't run the what seems to be an obvious test:
     # -r $dir && -w _ && -x _
     # since not all perl implementations do it right (e.g. sometimes
     # acls are ignored, at other times setid/gid change is ignored)
     # therefore we test by trying to attempt to read/write/execute

     # -w
     open TEST, ">$file" or die "failed to open $file: $!";

     # -x
     -f $file or die "$file cannot be looked up";
     close TEST;

     # -r
     opendir DIR, $dir or die "failed to open dir $dir: $!";
     defined readdir DIR or die "failed to read dir $dir: $!";
     closedir DIR;

     # all tests passed
     print "OK";
}

so you probably want to convert it to a script and do your testing. This could 
be a good addition to the modperl debug utils toolbox.

I'll leave it to you to put all these pieces together.

-- 
__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com



Re: mod_perl not able to run some pl files.

Posted by Brian Reichert <re...@numachi.com>.
On Tue, Jun 01, 2004 at 10:24:33AM +0530, Bheema Rao Merugu, BSC, Ambattur, Chennai wrote:
> Hi,
> 
>   I am sorry, please find the output that you are asking for.
> 
>   #  find /usr/local/apache/lib -name CGI.pm -ls
>   372763  228 -rwxrwxrwx  1 root     system     230097 May 27 16:50
> /usr/local/apache/lib/perl5/5.8.3/CGI.pm

Egads: a root-owned file that's world-writable?!  That's _very_ uncool.

If merely changing the group the web server runs as suddenly
makes things work, it still leads me to think that the permissions
are off in your Perl tree.

Perl does not install modules world-writable; I think that someone
changed permissions on this file, after the fact. :/

If any component in the path /usr/local/apache/lib/perl5/5.8.3/CGI.pm
is not world-readable, or, in the case of a directory, world-executable,
then user/group nobody/nobody won't be able to read the file.

But this file should certainly not be world-writable.

> Thanks,
> Bheema.

-- 
Brian Reichert				<re...@numachi.com>
37 Crystal Ave. #303			Daytime number: (603) 434-6842
Derry NH 03038-1713 USA			BSD admin/developer at large	
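
The path-component rule described in the message above, as an added example that is not part of the original thread: it walks every component of a path and reports where a given user/group lacks search or read permission, and which components are world-writable. The sub names class_bits and audit_path are hypothetical; the check assumes a non-root target user and looks at classic mode bits only (no ACLs, no supplementary groups).

```perl
#!/usr/bin/perl
# Added example (not from the thread): report, from classic mode bits
# only (ACLs and supplementary groups are ignored), where a non-root
# user/group is blocked along a path, and what is world-writable.
use strict;
use warnings;
use File::Spec;

# rwx bits (0..7) of the class that applies: owner, else group, else other
sub class_bits {
    my ($mode, $f_uid, $f_gid, $uid, $gid) = @_;
    return ($mode >> 6) & 7 if $uid == $f_uid;
    return ($mode >> 3) & 7 if $gid == $f_gid;
    return $mode & 7;
}

sub audit_path {
    my ($path, $uid, $gid) = @_;
    my @parts = File::Spec->splitdir(File::Spec->rel2abs($path));
    my @findings;
    for my $i (0 .. $#parts) {
        my $p  = File::Spec->catdir(@parts[0 .. $i]);
        my @st = stat $p;
        unless (@st) { push @findings, "$p: cannot stat: $!"; last }
        my ($mode, $f_uid, $f_gid) = @st[2, 4, 5];
        my $is_dir = -d _;
        my $bits   = class_bits($mode, $f_uid, $f_gid, $uid, $gid);
        # directories need search (x); the final file needs read (r)
        my $need = $is_dir ? 1 : 4;
        push @findings, sprintf("%s: mode %04o, %s denied for uid %d gid %d",
            $p, $mode & 07777, $is_dir ? 'search' : 'read', $uid, $gid)
            unless $bits & $need;
        # sticky world-writable directories such as /tmp are expected
        push @findings, sprintf("%s: mode %04o is world-writable",
            $p, $mode & 07777)
            if ($mode & 0002) && !($is_dir && ($mode & 01000));
    }
    return @findings;
}

# usage: audit.pl PATH USER GROUP   (USER/GROUP as in httpd.conf)
my ($path, $user, $group) = @ARGV;
die "usage: $0 path user group\n" unless defined $group;
my $uid = getpwnam($user);  die "no such user $user\n"   unless defined $uid;
my $gid = getgrnam($group); die "no such group $group\n" unless defined $gid;
my @findings = audit_path($path, $uid, $gid);
print "$_\n" for @findings;
print "no mode-bit problems found\n" unless @findings;
```

Running it once with the Group that fails and once with the Group that works shows which directory or file is readable only through its group bits.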
