[Israel.pm] SYSTEM

Oron Peled oron at actcom.co.il
Tue Feb 10 13:29:55 PST 2004

On Tuesday 10 February 2004 15:06, Georges EL OJAIMI wrote:
> I am always getting the there is no permission to do it?

Hmmm... you don't have permission to create a subdirectory, but you
expect to have a permission to change permissions...

> The server is running Linux and Apache. Does anyone know how to run PERL
> as superuser?

Running a perl script as root from apache is like trying to cut bread with
an axe -- you would probably cut your fingers before having sliced bread.

In short -- avoid this path at all cost.

Now let's see if we can find a better solution.

> This is a sample of what I am trying to execute using the system
> function:
> > chmod 777  /home/user/public_html/
> > mkdir userdirectory
> > cp -r /home/user/public_html/temp/ /home/user/public_html/userdirectory
> > cd userdirectory
> > mkdir images
> > cd images
> > mkdir Big
> > mkdir Small
> > chmod -R 777  /home/user/public_html/userdirectory/images
> > chmod 755  /home/user/public_html/

  1. Why not let the user create the directories a priori? Are the names
     dynamic in some way? (if it is hard for the user, you may wrap it with
     a script he runs). Or if you need it for every user then create it as
     root a priori.
  2. If 1. is unfeasible, then you can chgrp the directory to some special
     group and make the apache user a member of this group. Then you can
     have the directory permissions set to 775 and not the horrible 777.
     You may want to set the SGID bit of this directory (i.e. chmod 2775)
     to make every file/subdirectory inherit the group membership.

Note that if you provide some way to chmod it 777 from apache, then chmoding
it back to 755 doesn't add any *real* security -- you are already exposed.

If you are doing these things as root to your users, make sure they know
about what you intend to do and agree to this. I know what would happen
to a would-be sys-admin that would give 777 permissions to *my* public_html
(or mess with any other directory/file under *my* home directory).
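
Option 2 from the reply above, as an added example that is not part of the original message: a one-time group/SGID setup, the directory creation the CGI can then do without root or chmod, and an audit that flags anything world-writable. The `uploads` path and the `webupload` group are constructed names; the SGID inheritance relied on is Linux behaviour.

```shell
#!/bin/sh
# Added example: group-shared directory tree instead of chmod 777.
# Assumption: GROUP is a dedicated group the web server user belongs to.

# setup_shared_dir DIR GROUP
# One-time step, run by the directory's owner (or root): hand DIR to GROUP
# and set SGID so everything created below inherits the group.
setup_shared_dir() {
    mkdir -p "$1" || return 1
    chgrp "$2" "$1" || return 1
    chmod 2775 "$1"
}

# make_user_tree DIR NAME
# What the CGI does later as the web server user. No chmod and no root:
# group write on DIR is enough. The subshell keeps the umask change local.
make_user_tree() (
    umask 002
    mkdir "$1/$2" "$1/$2/images" "$1/$2/images/Big" "$1/$2/images/Small"
)

# audit_tree DIR GROUP
# Print every entry that breaks the scheme: world-writable, owned by another
# group, or a directory that lost its SGID bit. No output means a clean tree.
audit_tree() {
    find "$1" ! -type l \( -perm -0002 -o ! -group "$2" \
        -o \( -type d ! -perm -2000 \) \) -print
}

# Usage (constructed names):
#   setup_shared_dir /home/user/public_html/uploads webupload
#   make_user_tree   /home/user/public_html/uploads userdirectory
#   audit_tree       /home/user/public_html/uploads webupload
```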

