[Chicago-talk] mkdir() question

Brian Katzung briank at kappacs.com
Thu Dec 2 12:52:11 PST 2010 

This is less secure, but here's another thought:

     system("sudo /usr/sbin/useradd ...");

with useradd permission for Apache.

I would probably go with the suid perl myself, depending on the purpose 
of the server, who else is also on the server, and whether the 
(virtual?) machine is dedicated to this service.

   - Brian

On 2010-12-02 14:16, Young, Darren wrote:
> I need some ideas on a problem I'm having doing mkdir and chown in Perl. The Perl script I have is running as a CGI under Apache 2.2.3 (RHEL). This script is the receiving end of a web service using SOAP::Lite (client is C# .NET). This script needs to do a mkdir for a user home directory and change permissions on it to that of the user (and their primary GID).
>
> Problem is Apache is running as the user "apache" (as it should) and therefore the script has no permissions do to a mkdir on /export/home. I haven't even gotten to the chown part, which if memory serves me correctly, won't work unless the script is being run as root. Can't change ownership of a directory to something other than yourself if you're not root right?
>
> I've considered the options of setuid-perl (argh), running the web server as something else (ugh) suexec under Apache or even setting the permissions on /export/home to that of apache. Though the latter won't solve the chown problem.
>
> Anyone have any other thoughts before I hang myself with setuid root?
>
> Darren Young
>
> Here's the worker code:
>
> ###############################################################################
> # NAME        : _make_homedir
> # DESCRIPTION : Create a user home directory
> # ARGUMENTS   : string(username), string(uid), string(type)
> # RETURN      : 0 or 1
> # NOTES       :
> ###############################################################################
> sub _make_homedir {
>      my ( $uname, $uid, $actype ) = @_;
>      my $name = "_make_homedir";
>      logging::logmsg(STDERR, "$name: entering _make_homedirs()");
>
>      my $homedir   = $config::GCH_HOMEDIR{$actype} . "/$uname";
>      my @skelfiles = ( '.cshrc', '.login', '.profile' );
>      my $skelbase  = "$FindBin::Bin/skel";
>      my $gid       = $config::GCH_GID{$actype};
>      my $retval    = 1;
>
>      ### Log the info
>      logging::logmsg(STDERR, "$name: homedir  =>  $homedir");
>      logging::logmsg(STDERR, "$name: skelbase =>  $skelbase");
>      logging::logmsg(STDERR, "$name:      gid =>  $gid");
>
>      ##############################################################################
>      ### Create the home directory
>      ##############################################################################
>      logging::logmsg(STDERR, "$name: Attempting to create directory: $homedir");
>      if ( !-d $homedir ) {
>          if ( mkdir( "$homedir", 0720 ) ) {
>              logging::logmsg(STDERR, "$name: Created home directory: $homedir");
>          } else {
> 		my $err = "FAILED to create home directory $homedir: $!";
>              logging::logmsg(STDERR, "$name: $err");
>              die($err);
>          }
>      } else {
> 	  my $err = "FAILED to create directory $homedir: $homedir already exists";
>          logging::logmsg(STDERR, "$name: $err");
>          die("$err");
>      }
>
>
>      ##############################################################################
>      ### Change the ownership on the home directory
>      ##############################################################################
>      logging::logmsg(STDERR, "$name: Attempting to change ownership on: $homedir");
>      my $cnt = 0;
>      $cnt = chown $uid, $gid, $homedir;
>      if ( $cnt != 1 ) {
> 	  my $err = "FAILED - home directory $homedir ownership not changed: $!";
>          logging::logmsg(STDERR, "$name: $err");
>          die($err);
>      } else {
>          logging::logmsg(STDERR, "$name: $homedir ownership changed to $uid:$gid");
>          $retval = 1;
>      }
>
>
>      ##############################################################################
>      ### Copy all the skel files and set their perms
>      ##############################################################################
>      foreach my $file (@skelfiles) {
>          if ( !copy( "$skeldir/$file", "$homedir" ) ) {
>              logging::logmsg(STDERR, "$name: FAILED to copy $skeldir/$file to $homedir");
>              $retval = 0;
>          } else {
>              logging::logmsg(STDERR, "$name: Copied $skeldir/$file to $homedir");
> 		$retval = 1;
> 		}
>
>          $cnt = chown $uid, $gid, "$homedir/$file";
>          if ( $cnt != 1 ) {
>              logging::logmsg(STDERR, "$name: FAILED to set perms on: $homedir/$file");
>              $retval = 0;
>          } else {
>              logging::logmsg(STDERR, "$name: Set permissions on $homedir/$file");
> 		$retval = 1;
> 		}
>      }
>
>      logging::logmsg(STDERR, "$name: returning with value: $retval");
>      return ($retval);
> }
>
> _______________________________________________
> Chicago-talk mailing list
> Chicago-talk at pm.org
> http://mail.pm.org/mailman/listinfo/chicago-talk
>
>


-- 
Brian Katzung, Kappa Computer Solutions, LLC
Leveraging UNIX, GNU/Linux, open source, and custom
software solutions for business and beyond
Phone: 877.367.8837 x1  http://www.kappacs.com

More information about the Chicago-talk mailing list