
File Writing & Deleting on Linux through Web-Interface

by ali.muzaffar (Initiate)
on Dec 18, 2006 at 19:37 UTC

ali.muzaffar has asked for the wisdom of the Perl Monks concerning the following question:

Hi,

I'm trying to create a module that allows users to write a .forward file in their home-dir from a webpage. Basically a module that a user can use to get sendmail to forward their email.

The problem I have is that the code works on my Windows machine; however, when I port the code to my Linux server, the code appears to work but the file is never written. Not only can I not seem to write it to a user's home directory, I can't get it to write the file at all when the code is executed from the webpage. However, I created a command line version of the code and that works just fine.

I have tried various combinations of the code including:
a) having a .forward in the user's home directory that is created and owned by the apache user who has read and write access.
b) Changing permissions on my perl scripts dir so that the directory is owned by the apache user
c) trying to write to a directory that is created and owned by the apache user.

I suspect this has something to do with perl security, can anyone help me? Also, if this won't work, can someone suggest a script or another way of creating a web-based user interface that allows users to configure sendmail to forward email.

I AM USING PERL 5.6.0 on my Linux box
(It works on windows which runs 5.8.0 but I don't think this is the reason).
All help is appreciated.

My perl code is below:

    #!/usr/bin/perl
    use Fcntl;

    print "Content-type:text/html\n\n";
    print "hello world";

    if ($ENV{'REQUEST_METHOD'} eq "GET") {
        $request = $ENV{'QUERY_STRING'};
    }
    elsif ($ENV{'REQUEST_METHOD'} eq "POST") {
        read(STDIN, $request, $ENV{'CONTENT_LENGTH'}) || die "Could not get query\n";
    }

    @parameter_list = split(/&/, $request);
    foreach (@parameter_list) {                                 # split each variable=value pair
        ($name, $value) = split(/=/);
        $name  =~ s/\+/ /g;                                     # replace "+" with spaces
        $name  =~ s/%([0-9A-F][0-9A-F])/pack("c",hex($1))/ge;   # replace %nn with characters
        $value =~ s/\+/ /g;                                     # repeat for the value ...
        $value =~ s/%([0-9A-F][0-9A-F])/pack("c",hex($1))/ge;
        if (!(defined $passed{$name})) {
            $passed{$name} = $value;
        }
        else {
            $passed{$name} .= ":$value";
        }
    }

    #print "$request";
    #print "$passed{'username'}";
    #print "<br/>$passed{'Submit'}";
    print "<br/>";
    print "<input type=submit name=Back value=Back onClick='Javascipt:history.back(0);'/>";

    $file = ".forward";
    #$file = "/home/$passed{'username'}/>.forward";
    #$file = "c:/$passed{'username'}/.forward";
    print "<br/>$file";

    if ($passed{'Submit'} eq "Submit") {
        if ($passed{'mforward'} eq "on") {
            print "<br/>turn mail forward on";
            sysopen (FWD, $file, O_RDWR|O_EXCL|O_CREAT, 0644);
            if ($passed{'rcopy'} eq "Yes") {
                printf FWD "\\$passed{'username'}\n";
            }
            print FWD "$passed{'faddress'}";
            close (FWD);
            print "<br/>Mail Forwarding ON mail for: ";
            print "$passed{'username'} forward to $passed{'faddress'} <br/>";
            print "$passed{'rcopy'} Copy Retained!";
        }
        else {
            print "<br/>turn mail forward off<br/>";
            # unlink returns the number of files it removed
            if (unlink($file) == 1) {
                print "Forward Removed";
            }
            else {
                print "ERROR Forward NOT REMOVED";
            }
        }
    }
    else {
    }

Replies are listed 'Best First'.
Re: File Writing & Deleting on Linux through Web-Interface
by grep (Monsignor) on Dec 18, 2006 at 19:48 UTC
    Do not run this code on any machine. You are setting yourself up for a world of hurt.

    Read use CGI or die;, Web Programming with Perl and taint before you attempt this script again.

    I know this is not the answer you were looking for and I hope no one gives you the answer to making this script function, but this will help you in the long run. If you run into problems using the suggestions above please feel free to post the code in question here.

    grep
    1)Gain XP 2)??? 3)Profit

Re: File Writing & Deleting on Linux through Web-Interface
by derby (Abbot) on Dec 18, 2006 at 19:58 UTC

    Well besides the points grep pointed out --

    • Use strict and warnings
    • "/home/$passed{'username'}/>.forward"; ??? (that's not right ... neither is just .forward)
    • sysopen ??? (use open)
    • onClick handler?? (how is the form ever submitted?)

    -derby
      I didn't include the HTML calling page as you could have just passed the appropriate params from the URL.

      Thanks everyone, I was concerned about the security aspect but the machine in question would only have access on the intranet. So I let it fly. If I write the text to a database and then use cron to call a perl script that runs, let's say once a day, to write the file, would that work?
Re: File Writing & Deleting on Linux through Web-Interface
by philcrow (Priest) on Dec 18, 2006 at 19:51 UTC
    Linux is wisely reminding you that the web server user (which owns the web server processes) should not be writing to people's home directories. You need some kind of a facade between the web interface and the writing of the files. That facade needs to be primarily concerned with security.

    Phil
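
One way to build the facade described above, together with the queue-then-cron idea raised earlier in the thread (an added example, not code from any poster): the web side only queues a request, and this separate root-run helper validates it and writes the file as the mailbox owner. The function names, the UID floor of 1000 and the sample requests are assumptions made for the example.

```perl
#!/usr/bin/perl
# Privileged-side helper: run from cron as root with "perl -T", never by the
# web server. validate_request() and write_forward() are made-up names.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

my $MIN_UID = 1000;    # assumption: ordinary accounts start at UID 1000

sub validate_request {
    my ($user, $addr, $keep_copy) = @_;
    return unless defined $user && defined $addr;
    # Allow-list only: a plain account name and exactly one plain address.
    # Newlines, commas, paths and the program/file forms of .forward fail.
    my ($name) = $user =~ /\A([a-z_][a-z0-9_-]{0,31})\z/ or return;
    my ($mail) = $addr =~ /\A([A-Za-z0-9._+-]+\@[A-Za-z0-9.-]+\.[A-Za-z]{2,})\z/ or return;
    my @pw = getpwnam($name) or return;    # the account must exist
    return if $pw[2] < $MIN_UID;           # never root or service accounts
    return { uid => $pw[2], gid => $pw[3], home => $pw[7],
             body => ($keep_copy ? "\\$name\n" : '') . "$mail\n" };
}

sub write_forward {
    my ($req) = @_;
    defined(my $pid = fork()) or die "fork: $!";
    if ($pid == 0) {
        # Child: become the mailbox owner before touching the home directory,
        # so nothing planted there can redirect a root-owned write.
        if ($> == 0) {
            $) = "$req->{gid} $req->{gid}";    # effective gid + group list
            $( = $req->{gid};
            ($<, $>) = ($req->{uid}, $req->{uid});
        }
        exit 1 unless $< == $req->{uid} && $> == $req->{uid};
        my $tmp = "$req->{home}/.forward.new.$$";
        sysopen(my $fh, $tmp, O_WRONLY|O_CREAT|O_EXCL, 0644) or exit 2;  # no reuse, no symlink
        (print {$fh} $req->{body}) && close($fh) or exit 3;
        rename($tmp, "$req->{home}/.forward") or exit 4;    # atomic replace
        exit 0;
    }
    waitpid($pid, 0);
    return $? == 0;
}

# Demo, validation only, on constructed requests [user, address, keep copy].
my $me = getpwuid($<) // 'nobody';    # current account (root is rejected)
for my $r ([$me, 'me@example.org', 1], ['../bob', 'x@example.org', 0],
           [$me, "me\@example.org\nroot", 0]) {
    (my $shown = "$r->[0] -> $r->[1]") =~ s/\n/\\n/g;
    printf "%s  %s\n", (validate_request(@$r) ? 'accept' : 'reject'), $shown;
}
```

The demo loop never calls write_forward(); a cron job would call it only with the hash that validate_request() returned.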
