mod perl installed but not running

[mike cardeiro <mc...@yahoo.com>]

I asked this a few weeks ago.  Is it possible that mod_perl is running but the $ENV{MOD_PERL} variable doesn't exist?
 
it seems like it is running (the site is zippier) and when I restart apache the log file has the following line.

Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.5 Perl/v5.8.8 configured -
- resuming normal operations

am I nuts? it says "mod_perl/2.0.5 Perl/v5.8.8 configured" but if I run a script listing %ENV there is no mod_perl entry.

Mike Cardeiro

Re: mod perl installed but not running

[Dave Hodgkinson <da...@gmail.com>]

On 7 Feb 2012, at 16:08, mike cardeiro wrote:

> 
> 
>> From: André Warnier <aw...@ice-sa.com>
> 
> 
>> You should probably analyse your requirements carefully (as to exactly /why/ you 
>> want the script to run as that user).  
> 
> 
> I am creating a file transfer site.  When a user logs in they can upload a file, so I need the script to write the file to a directory that is not accessible by the webserver;

Welcome to setuid hell.

Re: mod perl installed but not running

[Perrin Harkins <pe...@elem.com>]

On Tue, Feb 7, 2012 at 7:26 PM, André Warnier <aw...@ice-sa.com> wrote:
> You can also look at $CGI::POST_MAX in the same documentation.

See also LimitRequestBody:
http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestbody

- Perrin

Re: mod perl installed but not running

[André Warnier <aw...@ice-sa.com>]

mike cardeiro wrote:
> 
> ----- Original Message -----
>> From: André Warnier <aw...@ice-sa.com>
>>
>> And it doesn't ?
>> The startup message of your Apache seemed to say that it does..
>>
> 
> Yes, it now is running and I am on my way!
> 
Good, then..

about your wish to limit the size of the files someone can upload,
depending on how much they are already using.

You should look at the documentation of CGI.pm, the "CREATING A FILE UPLOAD FIELD" 
section, and particularly the part about the "hook" function.
I have never tried it, but there should be a way there to interrupt the upload and abort 
the POST processing whenever the read file size goes over your limit.

It doesn't really require mod_perl though, it is part of CGI.pm.

You can also look at $CGI::POST_MAX in the same documentation.
The mere fact that this parameter can be set at the script level, seems to indicate that 
it is dynamic, and that you could set it, at least as long as you have not started parsing 
the POST itself (e.g. not called any param() yet).

Re: mod perl installed but not running

[mike cardeiro <mc...@yahoo.com>]

----- Original Message -----
> From: André Warnier <aw...@ice-sa.com>
>
> And it doesn't ?
> The startup message of your Apache seemed to say that it does..
>

Yes, it now is running and I am on my way!

Re: mod perl installed but not running

[André Warnier <aw...@ice-sa.com>]

mike cardeiro wrote:
>> From: André Warnier <aw...@ice-sa.com>
> 
>> To: mod_perl list <mo...@perl.apache.org>
>>
>> Now another question : apart from cgi-bin scripts which run much faster under 
>> mod_perl, have you already tried writing mod_perl-based Apache modules ?
>> (because that's where the really interesting things start, with mod_perl).
>>
> 
> I am a total newb to mod_perl.  This is definitely where I am heading...but I have a loooong way to go, right now I just want to get my system running under mod_perl.
> 
And it doesn't ?
The startup message of your Apache seemed to say that it does..

Re: mod perl installed but not running

[mike cardeiro <mc...@yahoo.com>]

> From: André Warnier <aw...@ice-sa.com>

> To: mod_perl list <mo...@perl.apache.org>
> 
> Now another question : apart from cgi-bin scripts which run much faster under 
> mod_perl, have you already tried writing mod_perl-based Apache modules ?
> (because that's where the really interesting things start, with mod_perl).
>

I am a total newb to mod_perl.  This is definitely where I am heading...but I have a loooong way to go, right now I just want to get my system running under mod_perl.

Mike Cardeiro

Re: mod perl installed but not running

[André Warnier <aw...@ice-sa.com>]

mike cardeiro wrote:
>> From: André Warnier <aw...@ice-sa.com>
> 
>   
>> Very good. And by the same mechanism, you are already avoiding the problem with 
>> all the silly (and sometimes dangerous) names that people can give to their 
>> files.
> 
> that is precisely why I did it this way.

You would be surprised at the number of people who don't think of that issue until after 
they have put their system in place (not even mentioning the question of international 
character sets and their representation in the filesystem).

> 
> 
>> So if your files in the filesystem only have an unique-id as a name, then you 
>> also have a download script, and this download script can also show the users a 
>> nice page with the list of files that they can download, right ? and the links 
>> that are shown are each in turn a call to your download script, to download the 
>> file that they choose, right ?
> 
> yup

I would be tempted to ask what was your original problem then ?

> 
>> And another question : how many files maximum can end up being stored in that 
>> upload/download directory ?
>>
> 
> generally I do it by size. so a user can upload say 5 gigs worth of files and the upload script will query the database for a sum of filesizes of all of that users files to see it they still have space.  This is where I am really exited about the prospect of doing this in mod_perl.  in the past, if you were uploading a 1 gig file but did not have space on your account you would not get an error until the entire file is uploaded.  I am thinking with the way mod_perl works I can query the db for that user  before the entire request (upload) is made and throw an error immediately  (though I could be wrong)
> 
> I guess another thought I need is not only the size of files but the actual number of files...I suppose there is a choking point when there are just too many files in one directory.

Yes, that is why is was asking, because it is also something that many people ignore at 
first.  It used to be worse, but even with current OS'es, there is still a limit as to how 
many files can be in a directory, before any access to it becomes extremely sluggish.  I'd 
say that a limit of 2000 files or so is certainly not to be crossed. Under Windows, I 
would say much less, or else even viewing a directory with Explorer becomes painful.
Since you are giving each file a unique id however, you can decide to split the files into 
a subdirectory structure based on different substrings within that id, to split your files 
into a reasonable amount of separate (sub-)directories. You can decide on a 2-level, 
3-level structure or more, depending on how many files you think you are going to have 
over the next 5 years or so. Fortunately, disks are now large enough and filesystems smart 
enough that you do not need to worry too quickly about space.
If you are planning to go into the hundreds of thousands of files, then you need a smarter 
system, because otherwise you will have trouble keeping track, doing backups, splitting 
these files logically for various purposes etc..

Now another question : apart from cgi-bin scripts which run much faster under mod_perl, 
have you already tried writing mod_perl-based Apache modules ?
(because that's where the really interesting things start, with mod_perl).

Re: mod perl installed but not running

[mike cardeiro <mc...@yahoo.com>]

> From: André Warnier <aw...@ice-sa.com>

  
> Very good. And by the same mechanism, you are already avoiding the problem with 
> all the silly (and sometimes dangerous) names that people can give to their 
> files.

that is precisely why I did it this way.


> 
> So if your files in the filesystem only have an unique-id as a name, then you 
> also have a download script, and this download script can also show the users a 
> nice page with the list of files that they can download, right ? and the links 
> that are shown are each in turn a call to your download script, to download the 
> file that they choose, right ?

yup

> 
> And another question : how many files maximum can end up being stored in that 
> upload/download directory ?
>

generally I do it by size. so a user can upload say 5 gigs worth of files and the upload script will query the database for a sum of filesizes of all of that users files to see it they still have space.  This is where I am really exited about the prospect of doing this in mod_perl.  in the past, if you were uploading a 1 gig file but did not have space on your account you would not get an error until the entire file is uploaded.  I am thinking with the way mod_perl works I can query the db for that user  before the entire request (upload) is made and throw an error immediately  (though I could be wrong)

I guess another thought I need is not only the size of files but the actual number of files...I suppose there is a choking point when there are just too many files in one directory.

Mike Cardeiro

Re: mod perl installed but not running

[André Warnier <aw...@ice-sa.com>]

mike cardeiro wrote:
>> From: André Warnier <aw...@ice-sa.com>
> 
>  >
>> Now, as long as we're there, what happens in your application if two people 
>> upload a file with the same file name ?
>>
> 
> When the upload happens the script makes an entry in a mysql table with 
> the file name, mime type and other info; the table has an autoincremented id 
> field as the primary key.  the script names the uploaded file this id value so every file in the 
> directory is named the id field of their entry in the database so they 
> will all be unigue.  
> 

Very good. And by the same mechanism, you are already avoiding the problem with all the 
silly (and sometimes dangerous) names that people can give to their files.
And I am sure that you also filter these oroginal filenames before writing them to your 
database, right ?  Not that people would be able to upload files with names that contain 
silly characters like <,>,|,;,&,?,spaces, and all these kinds of things.

So if your files in the filesystem only have an unique-id as a name, then you also have a 
download script, and this download script can also show the users a nice page with the 
list of files that they can download, right ? and the links that are shown are each in 
turn a call to your download script, to download the file that they choose, right ?

And another question : how many files maximum can end up being stored in that 
upload/download directory ?

Re: mod perl installed but not running

[mike cardeiro <mc...@yahoo.com>]

> From: André Warnier <aw...@ice-sa.com>

 >
> Now, as long as we're there, what happens in your application if two people 
> upload a file with the same file name ?
>



When the upload happens the script makes an entry in a mysql table with 
the file name, mime type and other info; the table has an autoincremented id 
field as the primary key.  the script names the uploaded file this id value so every file in the 
directory is named the id field of their entry in the database so they 
will all be unigue.  

Thank you for your helpful response(s).  I have been coding for over a 
decade but always on a shared server where I had no access to apache or 
anything other than my own little sandbox so I have never had to deal 
with all this stuff.  It is really fun (and a little scary).  I am learning a lot, it's nice to get help from people who know way more than me!

Mike Cardeiro

Re: mod perl installed but not running

[André Warnier <aw...@ice-sa.com>]

mike cardeiro wrote:
> 
>> From: André Warnier <aw...@ice-sa.com>
> 
> 
>> You should probably analyse your requirements carefully (as to exactly /why/ you 
>> want the script to run as that user).  
> 
> 
> I am creating a file transfer site.  When a user logs in they can upload a file, so I need the script to write the file to a directory that is not accessible by the webserver; when another user logs in they can retrieve the file.
> 

Well, that's what I meant by analysing your requirements properly.
Presumably, your script is the one who accepts the file upload, and writes the file to 
some directory.
Assuming that the script runs under the Apache user-id (the default), that script can 
still write to any directory outside the Apache document_root, as long as that directory 
is writeable by the Apache user-id.
Since that directory is outside the document_root, Apache by itself cannot access it.

To allow some people to retrieve the files, all you then need to do is to provide another 
script that can read that same directory and send a file back to the user.
None of that really requires Apache to run your scripts as another user (which is 
difficult to achieve and full of potential security holes).

Now, as long as we're there, what happens in your application if two people upload a file 
with the same file name ?

Re: mod perl installed but not running

[mike cardeiro <mc...@yahoo.com>]

> From: André Warnier <aw...@ice-sa.com>


> You should probably analyse your requirements carefully (as to exactly /why/ you 
> want the script to run as that user).  


I am creating a file transfer site.  When a user logs in they can upload a file, so I need the script to write the file to a directory that is not accessible by the webserver; when another user logs in they can retrieve the file.

It seems to be running the scripts as me when not using mod_perl (I assume so because the script permissions are 700)

Mike Cardeiro

Re: mod perl installed but not running

[André Warnier <aw...@ice-sa.com>]

mike cardeiro wrote:
>> From: Dave Hodgkinson <da...@gmail.com>
>>
>> What's MaxRequestsPerChild?
>>
> 
> 
> MaxRequestsPerChild 10000
> 
> ...I think I may have figured out the problem.  I think mod perl is running but my scripts are not using it.  I added 
> 
> 
> <Directory "/home/secret34/public_html/cgi-bin">
> 
>     SetHandler perl-script
>     PerlResponseHandler ModPerl::Registry
>     Options +ExecCGI
> 
>  </Directory>
> 
> to httpd.conf now my scripts get the following error
> slurp_filename('/home/secret34/public_html/cgi-bin/login.cgi') / opening: (13) Permission denied at /home/secret34/lib/x86_64-linux-thread-multi/ModPerl/RegistryCooker.pm line 541
> 
> progress.  I assume this is happening because my script permissions are 700 under the user that owns 
> 
> '/home/secret34/public_html/cgi-bin/'
> 
> guess I have more playing around to do.  I want the scripts to run as if run by that user.
> 
Cannot do that, unless you have Apache itself run as that user.
You should probably analyse your requirements carefully (as to exactly /why/ you want the 
script to run as that user).  Then maybe you can solve that by making the Apache user and 
the other user member of the same group, and adapt your file permissions accordingly.
The other solution I can think of, is to run a separate Apache instance under the user you 
want (and listening on a separate port).

Re: mod perl installed but not running

[mike cardeiro <mc...@yahoo.com>]

> From: Dave Hodgkinson <da...@gmail.com>
>
>What's MaxRequestsPerChild?
>


MaxRequestsPerChild 10000

...I think I may have figured out the problem.  I think mod perl is running but my scripts are not using it.  I added 


<Directory "/home/secret34/public_html/cgi-bin">

    SetHandler perl-script
    PerlResponseHandler ModPerl::Registry
    Options +ExecCGI

 </Directory>

to httpd.conf now my scripts get the following error
slurp_filename('/home/secret34/public_html/cgi-bin/login.cgi') / opening: (13) Permission denied at /home/secret34/lib/x86_64-linux-thread-multi/ModPerl/RegistryCooker.pm line 541

progress.  I assume this is happening because my script permissions are 700 under the user that owns 

'/home/secret34/public_html/cgi-bin/'

guess I have more playing around to do.  I want the scripts to run as if run by that user.

Mike Cardeiro

Re: mod perl installed but not running

[Dave Hodgkinson <da...@gmail.com>]

What's MaxRequestsPerChild?

Are there several big fat httpd's whose PIDs remain constant?


On 7 Feb 2012, at 14:18, mike cardeiro wrote:

> I asked this a few weeks ago.  Is it possible that mod_perl is running but the $ENV{MOD_PERL} variable doesn't exist?
>  
> it seems like it is running (the site is zippier) and when I restart apache the log file has the following line.
> 
> Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.5 Perl/v5.8.8 configured -
> - resuming normal operations
> 
> am I nuts? it says "mod_perl/2.0.5 Perl/v5.8.8 configured" but if I run a script listing %ENV there is no mod_perl entry.
> 
> Mike Cardeiro