• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1942
  • Last Modified:

Problem in calling shell script from "CGI" Perl script

Problem in calling shell script from "CGI" Perl script :

1. We have a shell script which only does SCP (secure copy) of some files from one server to other. The shell script runs fine when run on its own.
2.It even runs fine when run through a normal perl file using "SYSTEM" command.
3.But the same shell script  does not get executed when running through a CGI perl script.
4. We are running the script in the following way :
          my $script = "/export/home/selva_v/intranet/cgi-bin/IR2BC/lib/BO/1.sh";
          my $status  = -1;
          $status = system($script);
               if( $status != 0 )
               $log->debug("Execution NOT Completed.");
               $log->debug("Execution Completed.");
5. It gives as Execution NOT Completed.   Note that the script runs fine on its own . So no errors in the shell script.
6.Even if we use a dummy shell script which just opens a file, then it gives Execution Completed. That means a file should be created, but the file is           not getting created.

Kindly do respond if anyone is able to fix it up.
4 Solutions
could it be a timeout problem of your web server, for example when your scp takes too long?
Executing system commands from CGI scripts is a major potential security hole.  In the other instances you've had success with, the script is executed as you.  In the case of the CGI script, it is executed as whatever user your web server runs as (likely a low-level, limited authority user).

You are, therefore, likely running into a permissions issue (whatever user your web server runs as does not have permission to execute your shell script), or tripping over Perl's taint mode (which will not allow unchecked variables originating from outside the script (e.g. from user input via the web -- these are considered "tainted") to be used in potentially dangerous operations (like system calls) without first being explicitly checked by the script -- you have to run them through a regular expression to "untaint" them).

Can you tell me what OS your web server runs under?  What web server is it?  You can also perhaps find the problem your script is running into by checking your web server's error log.

Put the following line at the beginning of your script:

use CGI::Carp qw(fatalsToBrowser);

This will cause the error the script encounters to be sent back to the browser, depending on the error.

But, forking to a different shell via the system command in a CGI script to simply copy some files seems unnecessarily dangerous to me.  Why not write this functionality into the Perl script itself, rather than a call a shell script?
As mjcoyne suggests, it would be better to do the scp in the perl script instead of the shell script.

use Net::SCP;

I would suspect that you may have a difference in the environment variables that are available in the modes that work and those that do not.  Dump them in both modes and compare them.  
nmretdAuthor Commented:
The probblem is solved. It was a permission problem only. the login in which the web server was running didnt have the req. permissions. thanks for all your comments.

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now