Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?
 
PerlMonks  

Executing a program as another user

by nomis80 (Sexton)
on Feb 13, 2002 at 02:56 UTC ( [id://145051]=perlquestion: print w/replies, xml ) Need Help??

nomis80 has asked for the wisdom of the Perl Monks concerning the following question:

My Perl program is not running as root, but it knows the username and the password of another user. Is there any way of making it run another program as this user? I tried with "su -c" and printing the password to su's STDIN, but su is secure and complains if its STDIN is not a tty.

Replies are listed 'Best First'.
Re: Executing a program as another user
by particle (Vicar) on Feb 13, 2002 at 03:59 UTC
    if available, you should run setuid processing. perl's even built to handle it... see the special variables
    $< (real user id), $> (effective user id), $( (real group id), $) (effective group id)
    i've run a lot of scripts under setuid. it's secure, and it works.

    ~Particle

      I can't run setuid as the user as which the script must be run is decided upon dynamically. chmodding every time is impossible since the initial script is a CGI and I would run into race conditions.
Re: Executing a program as another user
by wog (Curate) on Feb 13, 2002 at 03:31 UTC
    You could use Expect.pm to have your program communicate with su through a tty.
      Could you please supply some example? I have trouble simply understanding what Expect.pm is supposed to do. ;)
        Well, I guess the CPAN site I pointed to doesn't have really up-to-date documentation... More recent docs for Expect.pm are here, and would be helpful if you haven't already seen them. As for examples, the Expect package comes with a bunch of "tutorial" code, which can be seen here. (Link to web view of CVS; click on the reversion number to view anyone of those docs quickly...)
Re: Executing a program as another user
by tstock (Curate) on Feb 13, 2002 at 03:54 UTC
    If you're on a unix system, you could log in as the other user once and setuid the script:

    chmod 4755 script_name
    

    I recommend reading perlsec (man perlsec) before doing this.

    Tiago
      The target user is dynamic. Therefore I can't chmod it. I could chmod it every time I run the script, but since the script is a CGI, I would run into race conditions. The task would also be much simpler if the target script to be run as another user wasn't the initial script itself. ;)
        take a look at CGIwrap, I think it might fit your needs really nicelly, and would have sugested sooner if I knew you wanted to run the script as a CGI.

        http://cgiwrap.unixtools.org/

        Good luck,
        Tiago
Re: Executing a program as another user
by vek (Prior) on Feb 13, 2002 at 03:35 UTC
    You wouldn't have a problem if you just ran your perl program as the other user surely?
      The initial script is a CGI script and is therefore run as apache.apache.
        Ok now I get it. You didn't mention that you were referring to a CGI script. You're right, you shouldn't run any other programs as apache.apache for security reasons.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://145051]
Approved by root
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others learning in the Monastery: (5)
As of 2024-03-28 14:17 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found