wanradt has asked for the wisdom of the Perl Monks concerning the following question:
Fellow devoted,
I have problem which i have not found good solution.
There is three (Linux) users A, B and C who scan images to ~/images/scan
They should upload those pics to the remote server where they don't have accounts.
Therefor is user X, who has access to remote server, but who has no access to user's home directories.
So far i had the "remote server" in my LAN and i did not worry about plain text password too much. I made perl script, which runs with setgid and get by group rights credentials to local FTP-server but run with user's permission, so it had access to home directory trees.
Now i have "remote server" far away and wanted to work out something more secure and without passwords. scp with authorized keys seemed very good way for this.
So first i tried with Net::SCP, but if runned it with setuid in user X rights, it could access server, but not users Homes. And if runned it with setgid, it has access to local homes, but can't access remote server. Main problem: i did not get Net::SCP to use user X's identity files.
So i moved to Net::SCP::Expect, which should use identity files. Made such simple test script:
Error i got is EXACTLY such one
at /usr/share/perl5/Expect.pm line 759 not found
I have no power to understand, what this means. Seems like bug to me.
I just have no good ideas more. Maybe i just invent wheel here and some could suggest me something more simple?
I don't want loose presmissions to users, but they should get those pics uploaded in some secure way. Perl and CLI are prefferred
TIA!
I have problem which i have not found good solution.
There is three (Linux) users A, B and C who scan images to ~/images/scan
They should upload those pics to the remote server where they don't have accounts.
Therefor is user X, who has access to remote server, but who has no access to user's home directories.
So far i had the "remote server" in my LAN and i did not worry about plain text password too much. I made perl script, which runs with setgid and get by group rights credentials to local FTP-server but run with user's permission, so it had access to home directory trees.
Now i have "remote server" far away and wanted to work out something more secure and without passwords. scp with authorized keys seemed very good way for this.
So first i tried with Net::SCP, but if runned it with setuid in user X rights, it could access server, but not users Homes. And if runned it with setgid, it has access to local homes, but can't access remote server. Main problem: i did not get Net::SCP to use user X's identity files.
So i moved to Net::SCP::Expect, which should use identity files. Made such simple test script:
#!/usr/bin/suidperl # running setgid to get access to identity file use strict; use warnings; my %c; $ENV{PATH} = ''; $c{user} = 'www'; $c{remote} = '192.168.1.3'; $c{identity} = "/etc/pass/id_rsa"; # readable root.special_group use Net::SCP::Expect; my $scpe = Net::SCP::Expect->new(host=>$c{remote}, user=>$c{user}, identity_file=>$c{identity} ); $scpe->scp("/home/eks/profiles.ini", "/home/www/");
Error i got is EXACTLY such one
at /usr/share/perl5/Expect.pm line 759 not found
I have no power to understand, what this means. Seems like bug to me.
I just have no good ideas more. Maybe i just invent wheel here and some could suggest me something more simple?
I don't want loose presmissions to users, but they should get those pics uploaded in some secure way. Perl and CLI are prefferred
TIA!
Nġnda,
WK
|
---|
Replies are listed 'Best First'. | |
---|---|
Re: Secure upload without account in remote server
by Anonymous Monk on Dec 12, 2010 at 20:38 UTC | |
by wanradt (Scribe) on Dec 15, 2010 at 15:52 UTC |
Back to
Seekers of Perl Wisdom