Loading ...
Sorry, an error occurred while loading the content.

RE: mod_perl not able to run some pl files.

Expand Messages
  • Bheema Rao Merugu, BSC, Ambattur, Chennai
    Hi, I am sorry please find the out put that you are asking for. # find /usr/local/apache/lib -name CGI.pm -ls 372763 228 -rwxrwxrwx 1 root system
    Message 1 of 14 , May 31 9:54 PM
    • 0 Attachment
      Hi,

      I am sorry please find the out put that you are asking for.

      # find /usr/local/apache/lib -name CGI.pm -ls
      372763 228 -rwxrwxrwx 1 root system 230097 May 27 16:50
      /usr/local/apache/lib/perl5/5.8.3/CGI.pm

      Thanks,
      Bheema.

      -----Original Message-----
      From: Brian Reichert [mailto:reichert@...]
      Sent: Monday, May 31, 2004 9:52 PM
      To: Bheema Rao Merugu, BSC, Ambattur, Chennai
      Cc: Brian Reichert; Tom Schindl; Perrin Harkins; mod_perl
      Subject: Re: mod_perl not able to run some pl files.


      On Mon, May 31, 2004 at 01:19:22PM +0530, Bheema Rao Merugu, BSC,
      Ambattur, Chennai wrote:
      > Hi,
      >
      > I have noticed one thing while running the perl files.
      >
      > in my httpd.conf the user and group names are
      > User nobody
      > Group nobody
      > if I change Group name as system
      > User nobody
      > Group system
      > perl files are running fine without any error its giving the
      problem
      > when i am running with group as 'nobody'

      Something I had suggested earlier:

      > For example, is there a file called CGI.pm somewhere under that
      > perl tree?
      >
      > find /usr/local/apache/lib -name CGI.pm -ls
      >
      > What are the permissions on it? If you installed as root, but had
      > a restrictive umask, it may not be world-readable, which would
      > thwart the apache process from reading it.

      I'm guessing that it's group readable. But we'll never know, if
      you don't answer the questions I asked. :/

      > Thanks,
      > Bheema.

      --
      Brian Reichert <reichert@...>
      37 Crystal Ave. #303 Daytime number: (603) 434-6842
      Derry NH 03038-1713 USA BSD admin/developer at large

      --
      Report problems: http://perl.apache.org/bugs/
      Mail list info: http://perl.apache.org/maillist/modperl.html
      List etiquette: http://perl.apache.org/maillist/email-etiquette.html
    • Brian Reichert
      ... Egads: a root-owned file that world-writable?! That s _very_ uncool. If, by merely changing the group the web server runs as suddenly make things work, it
      Message 2 of 14 , Jun 1, 2004
      • 0 Attachment
        On Tue, Jun 01, 2004 at 10:24:33AM +0530, Bheema Rao Merugu, BSC, Ambattur, Chennai wrote:
        > Hi,
        >
        > I am sorry please find the out put that you are asking for.
        >
        > # find /usr/local/apache/lib -name CGI.pm -ls
        > 372763 228 -rwxrwxrwx 1 root system 230097 May 27 16:50
        > /usr/local/apache/lib/perl5/5.8.3/CGI.pm

        Egads: a root-owned file that world-writable?! That's _very_ uncool.

        If, by merely changing the group the web server runs as suddenly
        make things work, it still leads me to think that the permissions
        are off in your Perl tree.

        Perl does not install modules world-writable; I think that someone
        changed permissions on this file, after the fact. :/

        If any component in the path /usr/local/apache/lib/perl5/5.8.3/CGI.pm
        is not world-readable, or, in the case of a directory, world-executable,
        then user/group nobody/nobody won't be able to read the file.

        But this file should certainly not be world-writable.

        > Thanks,
        > Bheema.

        --
        Brian Reichert <reichert@...>
        37 Crystal Ave. #303 Daytime number: (603) 434-6842
        Derry NH 03038-1713 USA BSD admin/developer at large

        --
        Report problems: http://perl.apache.org/bugs/
        Mail list info: http://perl.apache.org/maillist/modperl.html
        List etiquette: http://perl.apache.org/maillist/email-etiquette.html
      • Stas Bekman
        ... We had to deal with similar problems in Apache-Test. After many rewrites the following code is used to check whether some directory is -rwx by a certain
        Message 3 of 14 , Jun 1, 2004
        • 0 Attachment
          Brian Reichert wrote:
          > On Tue, Jun 01, 2004 at 10:24:33AM +0530, Bheema Rao Merugu, BSC, Ambattur, Chennai wrote:
          >
          >>Hi,
          >>
          >> I am sorry please find the out put that you are asking for.
          >>
          >> # find /usr/local/apache/lib -name CGI.pm -ls
          >> 372763 228 -rwxrwxrwx 1 root system 230097 May 27 16:50
          >>/usr/local/apache/lib/perl5/5.8.3/CGI.pm
          >
          >
          > Egads: a root-owned file that world-writable?! That's _very_ uncool.
          >
          > If, by merely changing the group the web server runs as suddenly
          > make things work, it still leads me to think that the permissions
          > are off in your Perl tree.
          >
          > Perl does not install modules world-writable; I think that someone
          > changed permissions on this file, after the fact. :/
          >
          > If any component in the path /usr/local/apache/lib/perl5/5.8.3/CGI.pm
          > is not world-readable, or, in the case of a directory, world-executable,
          > then user/group nobody/nobody won't be able to read the file.
          >
          > But this file should certainly not be world-writable.

          We had to deal with similar problems in Apache-Test. After many rewrites the
          following code is used to check whether some directory is -rwx by a certain
          user. You can adjust it to just check for -rx. It emulates the exact thing
          that happens when Apache spawns child processes and drops root priveledges.

          Just like Apache, this is run as root, and you need to add $uid and $gid of
          that user the server is running under. $dir is the dir you want to check;

          perl -MApache::TestRun -e 'eval { Apache::TestRun::run_root_fs_test($uid,
          $gid, q[$dir]) }';

          You can get the two vars from the username:

          my($uid, $gid) = (getpwnam($user))[2..3]

          And this is the actual test sub:

          # this sub is executed from an external process only, since it
          # "sudo"'s into a uid/gid of choice
          sub run_root_fs_test {
          my($uid, $gid, $dir) = @_;

          # first must change gid and egid ("$gid $gid" for an empty
          # setgroups() call as explained in perlvar.pod)
          my $groups = "$gid $gid";
          $( = $) = $groups;
          die "failed to change gid to $gid"
          unless $( eq $groups && $) eq $groups;

          # only now can change uid and euid
          $< = $> = $uid+0;
          die "failed to change uid to $uid" unless $< == $uid && $> == $uid;

          my $file = catfile $dir, ".apache-test-file-$$-".time.int(rand);
          eval "END { unlink q[$file] }";

          # unfortunately we can't run the what seems to be an obvious test:
          # -r $dir && -w _ && -x _
          # since not all perl implementations do it right (e.g. sometimes
          # acls are ignored, at other times setid/gid change is ignored)
          # therefore we test by trying to attempt to read/write/execute

          # -w
          open TEST, ">$file" or die "failed to open $file: $!";

          # -x
          -f $file or die "$file cannot be looked up";
          close TEST;

          # -r
          opendir DIR, $dir or die "failed to open dir $dir: $!";
          defined readdir DIR or die "failed to read dir $dir: $!";
          close DIR;

          # all tests passed
          print "OK";
          }

          so you probably want to convert it to a script and do your testing. This could
          be a good addition to the modperl debug utils toolbox.

          I'll leave it to you to put all these pieces together.

          --
          __________________________________________________________________
          Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
          http://stason.org/ mod_perl Guide ---> http://perl.apache.org
          mailto:stas@... http://use.perl.org http://apacheweek.com
          http://modperlbook.org http://apache.org http://ticketmaster.com

          --
          Report problems: http://perl.apache.org/bugs/
          Mail list info: http://perl.apache.org/maillist/modperl.html
          List etiquette: http://perl.apache.org/maillist/email-etiquette.html
        Your message has been successfully submitted and would be delivered to recipients shortly.