PerlMonks  

Writing a file as someone else

by hotyopa (Scribe)
on Dec 14, 2000 at 10:51 UTC

hotyopa has asked for the wisdom of the Perl Monks concerning the following question:

Hi All,

I am implementing a flat file database on a secured server and having a little bit of a problem.

The script is currently writing files as user www-data and group www-data. Our sysadmin guy wants to be able to clear the data directory in the future, but can't as he's not the owner of the files.

I've tried a system() call to chown after the file has been written, but it isn't working (I suspect because only the superuser can do that).

Does anybody know the best way to have the sysadmin guy made the owner of the files as they are written?

PS. It's writing directories too.

Thanks,

Anton

Replies are listed 'Best First'.
Re: Writing a file as someone else
by chipmunk (Parson) on Dec 14, 2000 at 11:02 UTC
    First, if he's the sysadmin, shouldn't he have root access?

    I think the easiest way to have the script write the files as the sysadmin is to make the sysadmin the owner of the script and run it setuid. (This means the script will be running in taint mode; see perlsec.) Since the sysadmin apparently can't chown files, he will have to make a copy of your script, then you will have to move your script, then he can rename his script and turn on setuid. This may also require some configuration in the web server, however.

    If that doesn't work, I guess you can work with a hobbled sysadmin by writing a directory-clearing script that will run as the user www-data that the sysadmin can run.

Re: Writing a file as someone else
by Daniellek (Sexton) on Dec 14, 2000 at 14:50 UTC
    Maybe just adding your "sysadmin" to group www-data and changing mode of this file to 660 would solve the problem?

    Another solution is changing mode to something like 666, but it's not too secure ;)

    One more solution (I'm using this, but it's a bit complicated): the CGI script is a "client" and there's a server process in the system which runs under the appropriate UID and writes files to the disk.

    Besides, what kind of sysadmin is he if he doesn't have root access??? ;->

    -- Daniellek
Re: Writing a file as someone else
by repson (Chaplain) on Dec 14, 2000 at 11:08 UTC
    If this 'sysadmin guy' doesn't have root permission but is responsible for web data why isn't he part of group www-data?
    Just wondering...
Re: Writing a file as someone else
by coreolyn (Parson) on Dec 14, 2000 at 21:03 UTC

    Fellow monks, feel for the many sysadmins that don't have root access, because that is only reserved for security departments. It is an unbelievable pain in the butt.

    However the sysadmin needs to be put in the www-data group in this situation (They definitely need someone with root access to modify the /etc/group file). Then within the controlling script the following should work:

    # For the files that are written:
    system("chgrp www-data file.bar");
    system("chmod 664 file.bar");
    # For the directories that are created (capital X keeps directories
    # searchable; a plain 664 strips the execute bit needed to enter them):
    system("chgrp -R www-data foodir");
    system("chmod -R u=rwX,g=rwX,o=rX foodir");

    I'm sure there's a more perlesque way to handle group and mode permissions but this way gets it done.

    Hope it helps.

        I knew you were out there waiting to pounce on that! (even said as much:) Ok I was too lazy to pick up the book and look it up... I claim TIMTOWTDI! :)) [coreolyn}
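
The group-based fix suggested in the replies above can be done with Perl's built-in mkdir, chown and chmod rather than system() calls; this is an added example, not code posted in the thread. It assumes the writing user is a member of the shared group (www-data on the page, falling back to the current effective group so it runs anywhere), and it uses a temporary directory as a stand-in for the data directory.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use English qw(-no_match_vars);
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);

# Assumption: the shared group is www-data when the current user belongs to it;
# otherwise use the current effective group so the example still runs.
my @groups = split ' ', $EGID;      # effective gid, then supplementary gids
my $gid    = getgrnam('www-data');
$gid = $groups[0] unless defined $gid && grep { $_ == $gid } @groups;

umask 0002;    # keep group write on everything created below, no need for 666

my $base = tempdir(CLEANUP => 1);   # stand-in for the real data directory
my $dir  = "$base/foodir";

mkdir $dir, 0775      or die "mkdir $dir: $!";
# A non-root user may change a file's group only to a group it belongs to.
chown -1, $gid, $dir  or die "chgrp $dir: $!";
# Set the mode after chown: changing the group can clear the setgid bit.
# setgid on a directory makes new files and subdirectories inherit its group.
chmod 02775, $dir     or die "chmod $dir: $!";

# O_EXCL refuses to follow or overwrite a pre-existing file or symlink.
my $file = "$dir/file.bar";
sysopen(my $fh, $file, O_WRONLY | O_CREAT | O_EXCL, 0664)
    or die "open $file: $!";
print {$fh} "record\n";
close $fh or die "close $file: $!";

# Verify the result instead of trusting it: group and mode of both objects.
for my $path ($dir, $file) {
    my @st = stat $path or die "stat $path: $!";
    die "$path has gid $st[5], expected $gid\n" unless $st[5] == $gid;
    printf "%-10s mode=%04o gid=%d\n",
        ($path eq $dir ? 'directory' : 'file'), $st[2] & 07777, $st[5];
}
```

With the setgid bit on the data directory, files written later by the web server land in the shared group without any per-file chgrp, and any member of that group can clear the directory.
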
Re: Writing a file as someone else (why the sysadmin cant be root)
by hotyopa (Scribe) on Dec 15, 2000 at 03:03 UTC

    I guess I should have explained, that this is our departmental sysadmin guy, and the scripts are running on an MIS server (separate department).

    He wasn't in the www-data group yesterday, but he did head off to MIS to beg for membership later in the day :)

    Big thanks to all for their help.

    8={: )
