Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

[Perl] System command via Apache.

Options
  • 12-08-2011 5:31pm
    #1
    azzeretti
    Registered Users Posts: 1,477 ✭✭✭


    Does anyone have any crafty ways of getting a perl script to execute a system command without using sudo.

    I am trying preform a job that is outside the "www-data" users permission scope so it fails quickly. I can't install anything else on the system and sudo isn't there. I initally tried to get the script to ssh to the localhost as a user with the correct permissions but for some reason (and 2 hours wasted) I can't managed to get this to work, I think it might be the "www-data" users permissions too.

    Anyway, has anyone any ideas?


Comments

  • Options
    #2
    ocallagh
    Registered Users Posts: 3,140 ✭✭✭ocallagh


    Can you login with a user that has the required permissions?

    If so, just setup a crontab for that user to execute the script.

    If not, then I don't think you'll be able to crack it - security on Linux is not easy to get around. You'll need to ask the administer of the server to do it for you


  • Options
    #3
    stesh
    Registered Users Posts: 297 ✭✭stesh


    azzeretti wrote: »
    Does anyone have any crafty ways of getting a perl script to execute a system command without using sudo.

    I am trying preform a job that is outside the "www-data" users permission scope so it fails quickly. I can't install anything else on the system and sudo isn't there. I initally tried to get the script to ssh to the localhost as a user with the correct permissions but for some reason (and 2 hours wasted) I can't managed to get this to work, I think it might be the "www-data" users permissions too.

    Anyway, has anyone any ideas?

    Can you contact your administrator and ask for privileges to do what you want to do?

    If you have shell access to a higher-privileged account on the box, you could setuid a shell script doing whatever it is you need to do owned by the higher-privileged user, and have www-data execute that. Any account on the system would then be able to execute the script with the privileges of the owner of the script. So, you would need to be really, really careful about how the executable is written, and what it does (if it's a shell script, lots and lots and lots of quotes to prevent shell injections) as it risks compromising the higher-privileged account, possibly including the website you're working on.


  • Options
    #4
    azzeretti
    Registered Users Posts: 1,477 ✭✭✭azzeretti


    ocallagh wrote: »
    You'll need to ask the administer of the server to do it for you

    That would be me!

    I didn't really explain this well but I managed to get it done anyway. I am writing a web based maintenance site to administer certain system tasks - on the fly (this rules out using cron as there would be some delay there). The trouble was any time I ran a CGI script to preform the task the www-data user didn't have permission to do it. I ended up creating forms to specify the jobs to run but requiring a user/pass input for SU to run. I then invoked SU with the parameters and used EXPECT to make it all work.

    I am not 100% about the security of this though so I will need some more testing to make sure!

    Thanks for the replies.


Advertisement