Beefy Boxes and Bandwidth Generously Provided by pair Networks
Come for the quick hacks, stay for the epiphanies.
 
PerlMonks  

Re^4: How to run a perl script under "nobody" user?

by sunshine_august (Scribe)
on Nov 19, 2008 at 10:38 UTC ( [id://724531]=note: print w/replies, xml ) Need Help??


in reply to Re^3: How to run a perl script under "nobody" user?
in thread How to run a perl script under "nobody" user?

What I really want is the script can run under "nobody" user like the Apache way.

We usually start apache like this: 

sudo /usr/local/apache2/bin/apachectl start

[download]
then, when we `ps aux | grep apache`, we can find that apache's user id is "nobody":
root      1102  0.3  0.2   5972  2368 ?        Ss   18:35   0:00 /usr/
+local/apache2/bin/httpd -k start
root      1103  0.0  0.0   1620   300 ?        S    18:35   0:00 /usr/
+bin/cronolog /usr/local/apache2/logs/access_%Y-%m-%d-%H-%M.log
nobody     1109  0.0  0.1   5972  1496 ?        S    18:35   0:00 /usr
+/local/apache2/bin/httpd -k start
nobody     1110  0.0  0.1   5972  1496 ?        S    18:35   0:00 /usr
+/local/apache2/bin/httpd -k start
nobody     1111  0.0  0.1   5972  1496 ?        S    18:35   0:00 /usr
+/local/apache2/bin/httpd -k start
nobody     1112  0.0  0.1   5972  1496 ?        S    18:35   0:00 /usr
+/local/apache2/bin/httpd -k start
nobody     1113  0.0  0.1   5972  1496 ?        S    18:35   0:00 /usr
+/local/apache2/bin/httpd -k start

[download]

How can I make my perl script like this?

Replies are listed 'Best First'.
Re^5: How to run a perl script under "nobody" user?
by JavaFan (Canon) on Nov 19, 2008 at 10:54 UTC
    What I really want is the script can run under "nobody" user like the Apache way
    That requires root access. Apache starts as root, and then forks (repeatedly). The children then drop their privileges. For Perl processes to drop their privileges, assign to $<, $>, $( and $). Or use POSIX::setuid/POSIX::setgid.

    But from your OP, I don't see why you want to do it the "Apache way" and why su(do) won't do. Note that you'll need root access at some stage to set up permissions that allows you to run processes as a different user.

    Another option is to install the program owned by nobody, and use file (or acl) permissions to run it setuid.

[reply]
Re^5: How to run a perl script under "nobody" user?
by moritz (Cardinal) on Nov 19, 2008 at 10:46 UTC
    With sudo.

    Afaict Apache does it differently, it starts as root and then drops privileges. That's better in Apache's case (because it has to set up log files in the parent process, for example, and it can't do that as user nobody), but for a simple perl script it's much easier to use an external program, be it sudo or su.

[reply]
Re^5: How to run a perl script under "nobody" user?
by MidLifeXis (Monsignor) on Nov 19, 2008 at 14:58 UTC

    One other thing that root is needed for is binding to port 80 (<1024). But, as was said above, this is no longer a Perl issue.

    --MidLifeXis

[reply]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://724531]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others learning in the Monastery: (5)
As of 2024-04-18 15:10 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found