Re: [Perl-unix-users] Permistion Problem when run from the Web
by Jimmy Schappet
Nov 3 2009 7:06AM
The part you missed in Bill's email, "Write a shell script that is
setuid root", is the most important.
You need to chmod not to 755, but:
    chown root <filename>
    chmod 4755 <filename>
This tells Unix to run the script as the script owner. For more
details look at:
http://www.everyjoe.com/newlinuxuser/explain-what-is-setuid-and-setgid/
--Jimmy
On Nov 3, 2009, at 8:47 AM, nonlin wrote:
Dear Bill,
Thanks for your fast response.
Well, it seems close, but I have not gotten it to work yet.
I made a shell script like you said:
/usr/bin/nltests/restart_sendmail.sh
#!/bin/sh
service sendmail restart
echo dun!!!
I set the permissions to 755
set File owner to root
set File group to root
Modify my script to call it:
@results = `/usr/bin/nltests/restart_sendmail.sh`;
and I am still having the same problem.
I even tried to set the owner and group of the Perl script to root.
Just a little more info:
If I run restart_sendmail.sh from a terminal, it works.
I wrote a test sh script to just list the directory (ls) and that
works when I call it from my Perl script.
So, do you have any other suggestions, or do you notice if you
overlooked something or misunderstood some of your instructions?
Sincerely,
Nonlin
----- Original Message -----
From: "Bill Luebkert" <dbecoll@[...].com>
To: "nonlin" <nonlin@[...].com>
Cc: <perl-unix-users@[...].com>
Sent: Tuesday, November 03, 2009 5:22 AM
Subject: Re: [Perl-unix-users] Permistion Problem when run from the Web
> nonlin wrote:
> > Dear Friends,
> >
> > I know this is not directly a Unix problem but since this is
> > happening in Fedora Linux I thought you're the best group to help
> > me with this issue.
> >
> > I need to execute some root level UNIX commands and access some root
> > level files from a script that is executed from the web. To be more
> > specific, the script I am writing needs to restart sendmail.
> > Example of "restartemail.pl":
> > ------------
> > #!/usr/bin/perl --
> >
> > use CGI ':standard';
> >
> > @results = `service sendmail restart`;
> >
> > print "@results\n";
> > ------------
> >
> > If I am logged in as root on the server and run this script, IT
> > WORKS perfectly!
> >
> > But if I call this script over the web into a browser, it FAILS
> > because of:
> > 550 Permission denied (real uid not trusted).
> >
> > Now, I know that this limitation was set up for my protection, but
> > I am writing a script that doesn't let the user do whatever they
> > want. The script is in full control of what is happening on the
> > server and not the user, so there is really no real risk here. I
> > just need to get around this limitation to get the job done.
> >
> > Does anyone know how to make this work?
>
> Write a shell script that is setuid root and call that script from
> your Perl script. Make sure you watch out for any possible misuses
> of the script and code around them.
>
> EG:
> Make a setuid script named restart_sendmail.sh that does the restart
> and store it somewhere appropriate (eg: /usr/bin, /usr/local/bin, ...)
> then call the shell script from the Perl script similar to what you
> were doing:
>
> @results = `/usr/bin/restart_sendmail.sh`;
>
> Or you can pass args like you were, but probably safer not to. You
> may also want to verify sendmail isn't running the script if sendmail
> doesn't want multiples running (unless sendmail already handles that
> itself).
_______________________________________________
Perl-Unix-Users mailing list
Perl-Unix-Users@[...].com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
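
Added example, not part of the original thread: Linux ignores the setuid bit on `#!` scripts, so a setuid-root helper for the restart discussed above is normally a small compiled program. This sketch takes no arguments, passes a fixed environment, and sets the real uid as well as the effective one (the error quoted in the thread is about the real uid); the `/sbin/service` path and all function names are assumptions.

```c
/* Added example: minimal setuid-root wrapper. Build and install as root:
 *   cc -O2 -o restart_sendmail restart_sendmail.c
 *   chown root:root restart_sendmail && chmod 4755 restart_sendmail
 */
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed location of the service tool; adjust for your system. */
#define SERVICE_BIN "/sbin/service"

/* Fixed environment: nothing is inherited from the web server or the request. */
static char *const clean_env[] = { "PATH=/sbin:/bin:/usr/sbin:/usr/bin", "IFS= \t\n", NULL };

/* The wrapper accepts no arguments, so a caller cannot steer what runs. */
int wrapper_args_ok(int argc) { return argc == 1; }

/* Target must be a regular file owned by root and not writable by group/other. */
int target_is_trusted(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0) return 0;
    if (!S_ISREG(st.st_mode)) return 0;
    if (st.st_uid != 0) return 0;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

int main(int argc, char **argv)
{
    (void)argv;
    if (!wrapper_args_ok(argc)) { fputs("usage: restart_sendmail\n", stderr); return 2; }
    if (!target_is_trusted(SERVICE_BIN)) { fputs("untrusted target\n", stderr); return 3; }
    /* Sets real, effective and saved ids to root; succeeds only when installed setuid root. */
    if (setgid(0) != 0 || setuid(0) != 0) { perror("setuid"); return 4; }
    char *const args[] = { "service", "sendmail", "restart", NULL };
    execve(SERVICE_BIN, args, clean_env);
    perror("execve");   /* reached only if the exec failed */
    return 5;
}
```

The Perl CGI would call the installed binary by absolute path with no arguments, in place of the `.sh` file.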