[kw-pm] Perl CGIs, modules and Apache.

Christopher Calzonetti elbie at trig.net
Sat Apr 3 09:20:20 CST 2004 

On Fri, Apr 02, 2004 at 10:56:05PM -0500, Daniel R. Allen wrote:
> On Fri, 2 Apr 2004, Christopher Calzonetti wrote:
> 
> > As for which user apache runs as, it runs under user www, which doesn't
> > have a shell to speak of.  The user information has the shell set to
> > /usr/bin/false.
> 
> Ah- but the user still has environment variables.  You can run things
> effectivly as the webserver by:
> 
> su to root
> su - www
> ...

Actually, this is not true.  At least, it's not for OSX.  Well, it's sort
of true, I suppose, but in addition to changing to the new user's
environment variables, it also changes the user's shell.  /usr/bin/false
will exit immediately, and thus kick me right back out again.

> ...and if you do this (he said, guessing...) perl -V will tell you that
> www's PERL5LIB is missing the directories you added to your own PERL5LIB.

Modifying the user info for www, I changed the shell to sh, so I _could_
check the environment variables.  This allowed me to check that indeed the
extra directories where not showing up in @INC.  I'm not sure what this
gets me though, as no shell is started for the webserver.

> You can fix that by modifying the script that starts apache to load the
> environment variable into the parent shell.  But when I tried this now, I
> couldn't get it to work properly.

I also tried that and couldn't get it to work.  I tried adding the
following to the top of apachectl:

PERL5LIB=/sw/lib/perl5:/sw/lib/perl5/darwin
export PERL5LIB

but this didn't seem to carry through to Apache.  A quick check of the docs
revealed that most environment variables are stripped out of the
environment, leaving only a "safe" subset to be passed on to CGIs called by
apache.

> What did work like a charm was adding this to apache's httpd.conf, which
> loads the environment variable directly into apache:
> 
> LoadModule env_module /usr/lib/apache/1.3/mod_env.so
> SetEnv PERL5LIB /home/daniel/work/foo

In fact, this is already what I have in my httpd.conf file, and I can
confirm that PERL5LIB is being passed through as you say.  I mentioned this
in my original e-mail.

HOWEVER, perl CGI scripts called by Apache, though the value of
$ENV{PERL5LIB} is set correctly, STILL DO NOT HAVE the extra directories in
@INC!  Weird.

More information about the kw-pm mailing list