Problem in calling shell script from "CGI" Perl script

Posted on 2006-05-08
Last Modified: 2010-07-27
Problem in calling shell script from "CGI" Perl script :

1. We have a shell script which only does SCP (secure copy) of some files from one server to other. The shell script runs fine when run on its own.
2.It even runs fine when run through a normal perl file using "SYSTEM" command.
3.But the same shell script  does not get executed when running through a CGI perl script.
4. We are running the script in the following way :
          my $script = "/export/home/selva_v/intranet/cgi-bin/IR2BC/lib/BO/";
          my $status  = -1;
          $status = system($script);
               if( $status != 0 )
               $log->debug("Execution NOT Completed.");
               $log->debug("Execution Completed.");
5. It gives as Execution NOT Completed.   Note that the script runs fine on its own . So no errors in the shell script.
6.Even if we use a dummy shell script which just opens a file, then it gives Execution Completed. That means a file should be created, but the file is           not getting created.

Kindly do respond if anyone is able to fix it up.
Question by:nmretd
    LVL 51

    Assisted Solution

    could it be a timeout problem of your web server, for example when your scp takes too long?
    LVL 17

    Accepted Solution

    Executing system commands from CGI scripts is a major potential security hole.  In the other instances you've had success with, the script is executed as you.  In the case of the CGI script, it is executed as whatever user your web server runs as (likely a low-level, limited authority user).

    You are, therefore, likely running into a permissions issue (whatever user your web server runs as does not have permission to execute your shell script), or tripping over Perl's taint mode (which will not allow unchecked variables originating from outside the script (e.g. from user input via the web -- these are considered "tainted") to be used in potentially dangerous operations (like system calls) without first being explicitly checked by the script -- you have to run them through a regular expression to "untaint" them).

    Can you tell me what OS your web server runs under?  What web server is it?  You can also perhaps find the problem your script is running into by checking your web server's error log.

    Put the following line at the beginning of your script:

    use CGI::Carp qw(fatalsToBrowser);

    This will cause the error the script encounters to be sent back to the browser, depending on the error.

    But, forking to a different shell via the system command in a CGI script to simply copy some files seems unnecessarily dangerous to me.  Why not write this functionality into the Perl script itself, rather than a call a shell script?
    LVL 28

    Assisted Solution

    As mjcoyne suggests, it would be better to do the scp in the perl script instead of the shell script.

    use Net::SCP;
    LVL 8

    Assisted Solution

    I would suspect that you may have a difference in the environment variables that are available in the modes that work and those that do not.  Dump them in both modes and compare them.  

    Author Comment

    The probblem is solved. It was a permission problem only. the login in which the web server was running didnt have the req. permissions. thanks for all your comments.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    On Microsoft Windows, if  when you click or type the name of a .pl file, you get an error "is not recognized as an internal or external command, operable program or batch file", then this means you do not have the .pl file extension associated with …
    I have been pestered over the years to produce and distribute regular data extracts, and often the request have explicitly requested the data be emailed as an Excel attachement; specifically Excel, as it appears: CSV files confuse (no Red or Green h…
    Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now