Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

scripts run by nobody

1 view
Skip to first unread message

David Gerler

unread,
Oct 15, 2002, 12:03:48 AM10/15/02
to Beginners
How do I make a script run as a specific user.

I am working on a script that uses a pipe to send information to a
program that outputs to a file. It works on win2000. I have uploaded
it and it runs and works correctly when run in the debugger from a
shell with the command "perl -d". The only time it doesn't run is when
it is called as an action from a form in a browser. The only
difference that I can find is that when call from the browser it runs
as "nobody". In the debugger it runs as the login user and works
correctly.
When I say that it runs as nobody, I mean that the file output from
the pipe is owned by "nobody".
Can anyone shed any light on this? How can I make the file run as my
user? Alternately, how do I make it chown the file to me. This is on a
virtual host server.

David Gerler
Gerler Enterprises
PO Box 16357
Chesapeake VA 23328
(757) 410-0738
http://www.GerlerEnterprises.com/

Nationwide Dial-up from $12.45 /mo.
http://www.EasySitesForLess.com/


Timothy Johnson

unread,
Oct 15, 2002, 1:34:45 AM10/15/02
to David Gerler, Beginners

What is the OS of the server you are uploading it to?

--
To unsubscribe, e-mail: beginners-...@perl.org
For additional commands, e-mail: beginne...@perl.org

David Gerler

unread,
Oct 15, 2002, 7:31:10 AM10/15/02
to Timothy Johnson, David Gerler, Beginners
The following message was sent by Timothy Johnson <tjoh...@sandisk.com> on Mon, 14 Oct 2002 22:34:45 -0700.

>
> What is the OS of the server you are uploading it to?
>
> -----Original Message-----
> From: David Gerler [mailto:pres...@gerlerenterprises.com]
> Sent: Monday, October 14, 2002 9:04 PM
> To: Beginners
> Subject: scripts run by nobody
>
>
> How do I make a script run as a specific user.
>
> I am working on a script that uses a pipe to send information to a
> program that outputs to a file. It works on win2000. I have uploaded
> it and it runs and works correctly when run in the debugger from a
> shell with the command "perl -d". The only time it doesn't run is when
> it is called as an action from a form in a browser. The only
> difference that I can find is that when call from the browser it runs
> as "nobody". In the debugger it runs as the login user and works
> correctly.
> When I say that it runs as nobody, I mean that the file output from
> the pipe is owned by "nobody".
> Can anyone shed any light on this? How can I make the file run as my
> user? Alternately, how do I make it chown the file to me. This is on a
> virtual host server.
>
> David Gerler


Sorry, I'm uploading to a server running redhat 7.3 linux.

Dave

Anette Seiler

unread,
Oct 15, 2002, 10:44:19 AM10/15/02
to David Gerler, Beginners
Hi,

I had a similar problem the other day and got help from this list.

When you run your script through the browser, it is not executed by you
(your username), but by the user of the webserver. Apache normally uses the
username "nobody". You can check this by looking into httpd.conf. The
reason for this is security. The user nobody normally has very restricted
rights.

If you have problems with it you can change

- the user name Apache is using - but then you could have problems with
security - of course you need the right to change httpd.conf
- rights, e.g. let the script chmod the output to 777 - but then you could
have the same problems with security and it is not always possible without
root rights
- owner - but then you have to have root rights

or write another cgi-script ... this is what I did in the end

My particular problem was that files were created and deleted by a
cgi-script - in reality by nobody. Whenever the script had a problem, files
were created but not deleted. I could not delete them with my user name as
I was not the owner of the files. I have no root rights. So I wrote another
cgi-script to get rid of the files.

I hope my answer helps you a little bit.

Anette

At 06:03 15.10.02, David Gerler wrote:
>How do I make a script run as a specific user.
>
>I am working on a script that uses a pipe to send information to a
>program that outputs to a file. It works on win2000. I have uploaded
>it and it runs and works correctly when run in the debugger from a
>shell with the command "perl -d". The only time it doesn't run is when
>it is called as an action from a form in a browser. The only
>difference that I can find is that when call from the browser it runs
>as "nobody". In the debugger it runs as the login user and works
>correctly.
> When I say that it runs as nobody, I mean that the file output from
>the pipe is owned by "nobody".
> Can anyone shed any light on this? How can I make the file run as my
>user? Alternately, how do I make it chown the file to me. This is on a
>virtual host server.
>
>David Gerler

Todd W

unread,
Oct 15, 2002, 3:58:07 PM10/15/02
to begi...@perl.org

David Gerler wrote:
> How do I make a script run as a specific user.
>
> I am working on a script that uses a pipe to send information to a
> program that outputs to a file. It works on win2000. I have uploaded
> it and it runs and works correctly when run in the debugger from a
> shell with the command "perl -d". The only time it doesn't run is when
> it is called as an action from a form in a browser. The only
> difference that I can find is that when call from the browser it runs
> as "nobody". In the debugger it runs as the login user and works
> correctly.
> When I say that it runs as nobody, I mean that the file output from
> the pipe is owned by "nobody".
> Can anyone shed any light on this? How can I make the file run as my
> user? Alternately, how do I make it chown the file to me. This is on a
> virtual host server.
>

This is a reply to the group rather than just you, but when shopping for
virtual web space, be sure your provider runs a wrapper program like
suEXEC or cgi-wrap or something. Actully, the only wrapper I reccommend
is suEXEC. What this does is change the permissions a script runs as to
the permissions of the script's owner. That way, you can leave your cgi
programs 700 and the text files (and directories) you write to 600. This
secures your data very tightly.

Run this program through a web browser:
#!/usr/bin/perl -w

use strict;
use CGI qw/:standard/;

print header();
print start_html();

print div('Apache user:');
print div('I am:', `id -un`);

print end_html();

And if it says the program runs as anyone other than you, tell your host
that you want suEXEC. If that dosent work, find another host.

Todd W.

Todd W

unread,
Oct 15, 2002, 10:16:46 PM10/15/02
to begi...@perl.org

Todd W wrote:
>
>
> David Gerler wrote:
>
>> How do I make a script run as a specific user.
>>

<snip />

>> When I say that it runs as nobody, I mean that the file output from
>> the pipe is owned by "nobody".
>> Can anyone shed any light on this? How can I make the file run as my
>> user? Alternately, how do I make it chown the file to me. This is on a
>> virtual host server.
>>
>
> This is a reply to the group rather than just you, but when shopping for
> virtual web space, be sure your provider runs a wrapper program like
> suEXEC or cgi-wrap or something. Actully, the only wrapper I reccommend
> is suEXEC. What this does is change the permissions a script runs as to
> the permissions of the script's owner. That way, you can leave your cgi
> programs 700 and the text files (and directories) you write to 600. This
> secures your data very tightly.
>

I was thinking more about the setuid wrapper than I was permissions and
gave a bit of bad advice about them. Here are the permission settings I
use (in terms of chmod):

all static web files (html, pdf, txt, jpg, etc): 644
all directories: 711
set all .cgi programs: 700
all data files used by the .cgi programs: 600

This way no other accounts on the machine can access the files I
wouldn't ever want them to see.

Todd W.

0 new messages