perl-modperl mailing list archives

From Stas Bekman <s...@stason.org>
Subject Re: mod_perl not able to run some pl files.
Date Tue, 01 Jun 2004 21:43:36 GMT
Brian Reichert wrote:
> On Tue, Jun 01, 2004 at 10:24:33AM +0530, Bheema Rao Merugu, BSC, Ambattur, Chennai wrote:
> 
>>Hi,
>>
>>  I am sorry please find the output that you are asking for.
>>
>>  #  find /usr/local/apache/lib -name CGI.pm -ls
>>  372763  228 -rwxrwxrwx  1 root     system     230097 May 27 16:50
>>/usr/local/apache/lib/perl5/5.8.3/CGI.pm
> 
> 
> Egads: a root-owned file that's world-writable?!  That's _very_ uncool.
> 
> If merely changing the group the web server runs as suddenly
> makes things work, it still leads me to think that the permissions
> are off in your Perl tree.
> 
> Perl does not install modules world-writable; I think that someone
> changed permissions on this file, after the fact. :/
> 
> If any component in the path /usr/local/apache/lib/perl5/5.8.3/CGI.pm
> is not world-readable, or, in the case of a directory, world-executable,
> then user/group nobody/nobody won't be able to read the file.
> 
> But this file should certainly not be world-writable.

We had to deal with similar problems in Apache-Test. After many rewrites the 
following code is used to check whether some directory is -rwx by a certain 
user. You can adjust it to just check for -rx. It emulates the exact thing 
that happens when Apache spawns child processes and drops root privileges.

Just like Apache, this is run as root, and you need to add $uid and $gid of 
the user the server is running under. $dir is the dir you want to check:

perl -MApache::TestRun -e 'eval { Apache::TestRun::run_root_fs_test($uid, 
$gid, q[$dir]) }';

You can get the two vars from the username:

my($uid, $gid) = (getpwnam($user))[2..3];

And this is the actual test sub:

use File::Spec::Functions qw(catfile);

# this sub is executed from an external process only, since it
# "sudo"'s into a uid/gid of choice
sub run_root_fs_test {
     my($uid, $gid, $dir) = @_;

     # first must change gid and egid ("$gid $gid" for an empty
     # setgroups() call as explained in perlvar.pod)
     my $groups = "$gid $gid";
     $( = $) = $groups;
     die "failed to change gid to $gid"
         unless $( eq $groups && $) eq $groups;

     # only now can change uid and euid
     $< = $> = $uid+0;
     die "failed to change uid to $uid" unless $< == $uid && $> == $uid;

     # rand needs an upper bound: int(rand) alone is always 0
     my $file = catfile $dir, ".apache-test-file-$$-".time.int(rand 1_000_000);
     eval "END { unlink q[$file] }";

     # unfortunately we can't run what seems to be an obvious test:
     # -r $dir && -w _ && -x _
     # since not all perl implementations do it right (e.g. sometimes
     # acls are ignored, at other times setid/gid change is ignored)
     # therefore we test by actually attempting to read/write/execute

     # -w
     open TEST, ">$file" or die "failed to open $file: $!";

     # -x
     -f $file or die "$file cannot be looked up";
     close TEST;

     # -r
     opendir DIR, $dir or die "failed to open dir $dir: $!";
     defined readdir DIR or die "failed to read dir $dir: $!";
     # a handle from opendir must be released with closedir, not close
     closedir DIR;

     # all tests passed
     print "OK";
}

so you probably want to convert it to a script and do your testing. This could 
be a good addition to the modperl debug utils toolbox.

I'll leave it to you to put all these pieces together.

-- 
__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

-- 
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html
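
A static counterpart to the checks discussed in this thread, as an added example that is not part of the original message or of Apache-Test: it walks every component of a path and reports missing o+r/o+x bits and world-writable entries. The name audit_path and the sample tree are hypothetical; it assumes a Unix filesystem and a server user that is neither the owner nor in the owning group, and it reads mode bits only (no ACLs), which is the gap run_root_fs_test closes by actually switching uid/gid.

```perl
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Path qw(make_path);
use File::Spec::Functions qw(catdir catfile rel2abs splitdir);
use File::Temp qw(tempdir);

# Walk every component of $path and report mode bits that would either
# block an unprivileged "other" user (e.g. nobody) or let it modify code.
# Assumption: that user is neither the owner nor in the owning group,
# so only the "other" permission bits apply. ACLs are not consulted.
sub audit_path {
    my ($path) = @_;
    my @parts = splitdir(rel2abs($path));
    my @findings;
    for my $i (0 .. $#parts) {
        my $p  = catdir(@parts[0 .. $i]);
        my @st = stat $p;
        unless (@st) { push @findings, "$p: cannot stat: $!"; last }
        my $mode = $st[2];
        if (S_ISDIR($mode)) {
            push @findings, "$p: directory not world-searchable (no o+x)"
                unless $mode & S_IXOTH;
            # a sticky directory such as /tmp is world-writable by design
            push @findings, "$p: directory world-writable without sticky bit"
                if ($mode & S_IWOTH) && !($mode & S_ISVTX);
        }
        else {
            push @findings, "$p: file not world-readable (no o+r)"
                unless $mode & S_IROTH;
            push @findings, "$p: file world-writable" if $mode & S_IWOTH;
        }
    }
    return @findings;
}

# Constructed sample tree (not the poster's system): a 0750 directory and
# a 0777 module, mirroring the two problems discussed in the thread.
my $root = tempdir(CLEANUP => 1);
my $lib  = catdir($root, 'lib', 'perl5');
make_path($lib);
my $pm = catfile($lib, 'CGI.pm');
open my $fh, '>', $pm or die "cannot create $pm: $!";
close $fh;
chmod 0755, $root, catdir($root, 'lib');
chmod 0750, $lib;
chmod 0777, $pm;
print "$_\n" for audit_path(@ARGV ? $ARGV[0] : $pm);
```

Pass a real module path as the first argument to audit it instead of the sample tree.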

