12.19.2007 at 07:09AM PST, ID: 23033544
Running SCP via CGI Perl Script
Tags: perl, scp, script
I have a perl script that uses SCP to move a file between 2 machines.  I can use either Net::SCP or system("scp...") to copy the file -- no problems there.

Now I want to invoke this script via a website.  User clicks on a form, it invokes my perl script, the script moves the file.   This isn't working, because the perl script executes under username "wwwrun", and this username doesn't have access to the required private key.  I've tried using system("scp -i keyfile"), but it isn't working.

How can I get this script to work?  
Question Stats
Zone: Programming
Question Asked By: cs76737
Solution Provided By: Tintin
Participating Experts: 3
Solution Grade: A
Views: 58
12.19.2007 at 11:11AM PST, ID: 20501944

Rank: Master

this is a common problem with perl scripts, the user that calls the script (via some automated process) is not the user that needs to RUN the script.

How to do this?

it's called a setuid perl script, and basically what happens is that the script has the ability to change its user privileges on the fly.

There are a great many possible problems where setuid perl scripts can create security concerns, but there are corner cases where there just isn't any other way to do it.

The most common approach is that the root user must run the script no matter what user started the script.

look for the setuid perl package for your distro

on redhat and friends it's called perl-suidperl

install this package, and then you need to do the following:

(WARNING - if you aren't careful and don't pay attention, you can royally screw up your system, practice this in a lab setting first)

find the script you want to run and apply the setuid bit to it

first chown the file to the user that needs to run the script, then apply the setuid bit

if you have mc installed use that tool, it's graphical enough it's clear what you need to do.

if you don't, chmod +s /path/to/script should work

do a

ls -l /path/to/script

and the permissions part of the output should look something like this:

-rwsr-sr-x

that's chmod 755 plus the setuid bit

now when you run the perl script it will run with the permissions of the owner of the script.

depending on what your script actually does, this may be all you need to do.

but if your script has to make system calls, or call other scripts, they might not execute with the permissions you think they should.

a perl script will know that it has been called as a setuid script and it will actually carry with it TWO sets of permissions the user who called the script, and the user that is the setuid user.  Perl calls them the real user and the effective user.

if you have to ( and only if you have to, meaning run a test and see if you get the results you want first) add the code snippet below to the top of your script before your script does anything:

<begin code>
# set real userid to effective userid since this is a suidperl script
$< = $> ;
<end code>





Almost done....

you will also possibly need to edit the script itself to add a single command at the top

 
12.19.2007 at 11:13AM PST, ID: 20501966

Rank: Master

never mind the last two lines of my above post, I pasted in the wrong place.  sorry about that.
 
12.19.2007 at 01:54PM PST, ID: 20503328

Rank: Sage

What you should do is generate a ssh key pair for the wwwrun user and copy its public key to the user on the remote server you want to copy the file to.
Accepted Solution
 
12.20.2007 at 03:28AM PST, ID: 20505918

Rank: Wizard

you either have to give the proper keys to user wwwrun's keyring, or you have to call your scp as proper user, something like:
  system("su","username","-c","scp ...");
 
12.30.2007 at 03:01PM PST, ID: 20552416
Hi Everybody -- I apologize for not replying sooner.  I was on vacation -- get very little of those, so I stayed away from the computer.  

Tintin, there is no home directory for user WWWRUN.  How can I create a key ring for this user?  This would be my preferred way of solving the problem.
 
12.30.2007 at 03:09PM PST, ID: 20552438
Tintin -- never mind.  I was able to figure out WWWRUN's home directory, so I know where to put the private key.  

One last question, how should I generate this key?  I am the root user.  If I run ssh -t dsa to build a key, it will be for root@domain.  How can I create one for wwwrun@domain, since I can't log in as wwwrun?

thanks,
 
 
12.30.2007 at 03:46PM PST, ID: 20552527
One important issue for people reading this solution.  The machine that you're accessing must also be in your system's "known_hosts" file or in wwwrun's known_hosts file.  Don't forget to change ownership  permission on any of the keys in wwwrun's folder.
 
 
12.30.2007 at 06:41PM PST, ID: 20553110
As the root user, you can just do

su - wwwrun

and then run

ssh-keygen -t dsa
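
A pre-flight check for the setup this thread arrives at (wwwrun's own key, a known_hosts entry for the remote machine, and correct ownership and permissions), as an added example that is not from any of the posts. The function names, arguments and the sample invocation in the comment are assumptions, and the known_hosts lookup reads unhashed entries only.

```shell
#!/bin/sh
# Added example: audit the SSH client files of a service account such as wwwrun.
# Assumed invocation (run as root; id_dsa is ssh-keygen's default name for -t dsa):
#   check_ssh_setup "$(getent passwd wwwrun | cut -d: -f6)" id_dsa remote.example.test "$(id -u wwwrun)"

# Group/other permission characters of a path, e.g. "------" or "r--r--".
go_bits() { ls -ldn "$1" | cut -c5-10; }

# Numeric owner uid of a path.
owner_uid() { ls -ldn "$1" | awk '{ print $3 }'; }

# check_ssh_setup HOME KEYNAME HOST UID
# Prints one line per problem; the exit status is the number of problems.
check_ssh_setup() {
    dir=$1/.ssh key=$1/.ssh/$2 host=$3 want_uid=$4 problems=0
    fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    if [ ! -d "$dir" ]; then
        fail "$dir does not exist"
    else
        [ "$(owner_uid "$dir")" = "$want_uid" ] || fail "$dir not owned by uid $want_uid"
        case $(go_bits "$dir") in
            ?w????|????w?) fail "$dir is writable by group or others" ;;
        esac
    fi

    if [ ! -f "$key" ]; then
        fail "private key $key is missing"
    else
        [ "$(owner_uid "$key")" = "$want_uid" ] || fail "$key not owned by uid $want_uid"
        # ssh ignores a private key that group or others can access at all
        [ "$(go_bits "$key")" = "------" ] || fail "$key mode too open (want 600)"
    fi

    # Plain (unhashed) entries only; hashed files need: ssh-keygen -F HOST -f FILE
    if [ ! -f "$dir/known_hosts" ]; then
        fail "$dir/known_hosts is missing"
    elif ! awk -v h="$host" '$1 !~ /^[#@|]/ {
             n = split($1, a, ","); for (i = 1; i <= n; i++) if (a[i] == h) ok = 1
         } END { exit !ok }' "$dir/known_hosts"; then
        fail "$host has no entry in $dir/known_hosts"
    fi
    return "$problems"
}
```

A web server process has no terminal on which to answer ssh's host-key or passphrase prompts, so each problem reported here shows up in the CGI script only as a failed copy.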
 
 
 