You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by pa...@emc.com on 2002/07/27 00:40:31 UTC
apache mod_perl + suid question
Hello,
I am trying to write a password changing program. For this I have a mod_perl
subroutine
from where I am trying to execute a perl script(with suid permissions 4711),
which is a wrapper and
in turn calls the usermod command on linux with the old and new passwords.
The problem I am having:
1: The usermod command doesn't get executed. I have tried debugging
this...by having a log
file(/usr/local/apache/logs) and the mod_perl process does open the wrapper
script..but then does
nothing. It does not execute the command. What am I doing wrong ? I know
there might be some
quirks with suid permissons and I would like to know how can I overcome
this.
I have something like below from mod_perl subroutine:
my $ret_val = `$wrapper`;
Within the wrapper perl script, I call usermond with the passwds by doing:
$ret = `$usermondcmd 2>&1`
Any help would be much appreciated.
thanks a lot.
-Tushar
Re: mod_perl PerlAccessHandler/PerlAuthenHandler question
Posted by Steve Piner <st...@marketview.co.nz>.
How is your mod_perl configured? Based on the error message you're
getting, it appears that you may not have compiled in support for
authentication or access control.
If you built it yourself, you may need to add PERL_AUTHEN=1 and
PERL_ACCESS=1 to the 'perl Makefile.PL' command line when building
mod_perl. Unless you have reason not to, I'd recommend that you compile
it with EVERYTHING=1.
Steve Piner
Harry Zhu wrote:
>
> I'm a verteran CGIer but a new mod-perl user.
> I have got the mod-perl running fine for the content handling. But when I
> try to step in to other stages like Authentication, and have trouble in
> setting
> PerlAccessHandler
> PerlAuthenHandler
> etc.
>
> If I put
> ###======================
> <Location /mpl/hello>
> SetHandler perl-script
> PerlHandler Apache::Hello
> </Location>
>
> ###======================
> in the perl.conf file, it's ok. I got the expected from the browser. But
> when I changed above to
>
> ###======================
> PerlModule Apache::AuthAnon
> <Location /mpl/hello>
> AuthName Anonymous
> AuthType Basic
> PerlAuthenHandler Apache::AuthAnon
> require valid-user
>
> PerlSetVar Anonymous anonymous|anybody
>
> SetHandler perl-script
> PerlHandler Apache::Hello
> </Location>
>
> ###======================
>
> and try to restart the server, I got
> Syntax error on line 9 of /usr/local/apache/conf/perl.conf:
> Invalid command 'PerlAuthenHandler', perhaps mis-spelled or defined by a
> module not included in the server configuration
>
> When I set up .htaccess in a directory "test" under DocumentRoot,
> ###======================
> PerlAccessHandler Apache::GateKeeper
> PerlSetVar Gate closed
>
> ###======================
> and try to access this directory, the server gives the "Internal Error":
> /usr/local/apache/htdocs/test/.htaccess: Invalid command
> 'PerlAccessHandler', perhaps mis-spelled or defined by a module not included
> in the server configuration
>
> I can add "use Apache::GateKeeper ();" in the startup.pl and start the
> server without problem, so the module itself should be in the proper path
> for tyhe server to load.
>
> Any help on this will be apprieciated.
>
> Harry
> GreatLodge.com
--
Steve Piner
Web Applications Developer
Marketview Limited
http://www.marketview.co.nz
mod_perl PerlAccessHandler/PerlAuthenHandler question
Posted by Harry Zhu <ha...@GreatLodge.COM>.
I'm a verteran CGIer but a new mod-perl user.
I have got the mod-perl running fine for the content handling. But when I
try to step in to other stages like Authentication, and have trouble in
setting
PerlAccessHandler
PerlAuthenHandler
etc.
If I put
###======================
<Location /mpl/hello>
SetHandler perl-script
PerlHandler Apache::Hello
</Location>
###======================
in the perl.conf file, it's ok. I got the expected from the browser. But
when I changed above to
###======================
PerlModule Apache::AuthAnon
<Location /mpl/hello>
AuthName Anonymous
AuthType Basic
PerlAuthenHandler Apache::AuthAnon
require valid-user
PerlSetVar Anonymous anonymous|anybody
SetHandler perl-script
PerlHandler Apache::Hello
</Location>
###======================
and try to restart the server, I got
Syntax error on line 9 of /usr/local/apache/conf/perl.conf:
Invalid command 'PerlAuthenHandler', perhaps mis-spelled or defined by a
module not included in the server configuration
When I set up .htaccess in a directory "test" under DocumentRoot,
###======================
PerlAccessHandler Apache::GateKeeper
PerlSetVar Gate closed
###======================
and try to access this directory, the server gives the "Internal Error":
/usr/local/apache/htdocs/test/.htaccess: Invalid command
'PerlAccessHandler', perhaps mis-spelled or defined by a module not included
in the server configuration
I can add "use Apache::GateKeeper ();" in the startup.pl and start the
server without problem, so the module itself should be in the proper path
for tyhe server to load.
Any help on this will be apprieciated.
Harry
GreatLodge.com
Re: apache mod_perl + suid question
Posted by Stas Bekman <st...@stason.org>.
pandit_tushar@emc.com wrote:
> Hello,
>
> I am trying to write a password changing program.
this article by Lincoln Stein should resolve most of your problems:
http://www.samag.com/documents/s=1286/sam03020006/
and no, don't try to disable the taint mode,
instead read the perlsec manpage to learn how to make your program run
under -T.
--
__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
Re: apache mod_perl + suid question
Posted by Philip Mak <pm...@animeglobe.com>.
On Fri, Jul 26, 2002 at 06:40:31PM -0400, pandit_tushar@emc.com wrote:
> 1: The usermod command doesn't get executed. I have tried debugging
> this...by having a log file(/usr/local/apache/logs) and the mod_perl
> process does open the wrapper script..but then does nothing. It does
> not execute the command. What am I doing wrong ?
Try '/usr/sbin/usermod' instead of 'usermod'. It may be a path issue.
Also, 'usermod' might have to be run interactively (rather than
reading from standard input), so you may have to create a virtual
terminal in order to interface with usermod. (I might be wrong on
this, and I can't elaborate further.)
RES: apache mod_perl + suid question
Posted by Vitor <vs...@uol.com.br>.
Hello Tushar,
Try this :
$suid_file = "file_path/suidfile.pl";
$user = "nobody";
$passwd = "kdsak";
(system($suid_file,$user,$$passwd))
or die "Error in suid operation $! ";
Note that suid_file need the following commands :
- chmod 4750
- chown root:httpd
Regards,
Vitor
-----Mensagem original-----
De: pandit_tushar@emc.com [mailto:pandit_tushar@emc.com]
Enviada em: sexta-feira, 26 de julho de 2002 19:41
Para: modperl@perl.apache.org
Assunto: apache mod_perl + suid question
Hello,
I am trying to write a password changing program. For this I have a mod_perl
subroutine
from where I am trying to execute a perl script(with suid permissions 4711),
which is a wrapper and
in turn calls the usermod command on linux with the old and new passwords.
The problem I am having:
1: The usermod command doesn't get executed. I have tried debugging
this...by having a log
file(/usr/local/apache/logs) and the mod_perl process does open the wrapper
script..but then does
nothing. It does not execute the command. What am I doing wrong ? I know
there might be some
quirks with suid permissons and I would like to know how can I overcome
this.
I have something like below from mod_perl subroutine:
my $ret_val = `$wrapper`;
Within the wrapper perl script, I call usermond with the passwds by doing:
$ret = `$usermondcmd 2>&1`
Any help would be much appreciated.
thanks a lot.
-Tushar