Solved

Ownership problems with PERL.

Posted on 1998-10-17
8
171 Views
Last Modified: 2010-03-05
Hey,
    Whenever PERL creates a file on my server it's ownership is set to "nobody" instead of my name.  Now I don't own the server, but I know the owner enough so he'd make changes.  So how would I change it so I have ownership of the files without compermising security?

Thanks in Advance
0
Comment
Question by:cide
  • 4
  • 3
8 Comments
 
LVL 1

Expert Comment

by:ghjm
ID: 1205466
There has to be more to this than you're telling us. The process running the perl script must be suid nobody. If you want the files to be created owned by your account, the process will have to run suid you. Whether this is possible, or whether it will create a security compromise, very much depends on the details. Is this a cgi script for a Web server?
0
 

Author Comment

by:cide
ID: 1205467
When I telnet into my server and type ls -l it returns:
drwxr-xr-x   2 nobody  other       3072 Oct 17 23:45 file
when it should return:
drwxr-xr-x   2 myname  other       3072 Oct 17 23:45 cgi-bin

How do I make PERL change the ownership of that file?  Yes it is a cgi-script off a web server.
0
 
LVL 1

Expert Comment

by:ghjm
ID: 1205468
If the cgi script is running under the account "nobody" then it does not have permission to create a file owned by "myname."  One thing that might help, if nobody and myname are in fact members of the same group (as you indicate), is to create the file or directory mode 0770 instead of 0700 (ie, rwxrwxr-x) - then you will be able to edit the file from your user account.
0
 

Author Comment

by:cide
ID: 1205469
Anyway to get it so I actually own the files?
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 1

Expert Comment

by:ghjm
ID: 1205470
I don't understand what you want besides what I've already given you. If you want the files to be owned by you, then the process that creates them has to run under your uid. If the process is running as nobody then the files will be owned by nobody.
0
 

Accepted Solution

by:
nvoxland earned 50 total points
ID: 1205471
If you run chmod 6755 on your cgi script it will run (and therefore output files) as whoever owns the script (you) rather than the user that is running the script (nobody).  Doing this does open some security holes in that if the script can now do anything you can do, but this shouldn't be too much of a problem as long as you aren't passing in dangerous parameters or are checking them before they are used.  
0
 

Author Comment

by:cide
ID: 1205472
I get the following error message when I try to chmod my files 6755:
501 CHMOD: Mode value must be between 0 and 0777
0
 

Author Comment

by:cide
ID: 1205473
Well I did the chmod through telnet rather then FTP and it seems to work only now some of my files that would write under the old premissions won't write anymore.  Any idea why?
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many time we need to work with multiple files all together. If its windows system then we can use some GUI based editor to accomplish our task. But what if you are on putty or have only CLI(Command Line Interface) as an option to  edit your files. I…
Checking the Alert Log in AWS RDS Oracle can be a pain through their user interface.  I made a script to download the Alert Log, look for errors, and email me the trace files.  In this article I'll describe what I did and share my script.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now