Loading ...
Sorry, an error occurred while loading the content.
 

Re: mod_perl not able to run some pl files.

Expand Messages
  • Brian Reichert
    ... Egads: a root-owned file that world-writable?! That s _very_ uncool. If, by merely changing the group the web server runs as suddenly make things work, it
    Message 1 of 14 , Jun 1, 2004
      On Tue, Jun 01, 2004 at 10:24:33AM +0530, Bheema Rao Merugu, BSC, Ambattur, Chennai wrote:
      > Hi,
      >
      > I am sorry please find the out put that you are asking for.
      >
      > # find /usr/local/apache/lib -name CGI.pm -ls
      > 372763 228 -rwxrwxrwx 1 root system 230097 May 27 16:50
      > /usr/local/apache/lib/perl5/5.8.3/CGI.pm

      Egads: a root-owned file that world-writable?! That's _very_ uncool.

      If, by merely changing the group the web server runs as suddenly
      make things work, it still leads me to think that the permissions
      are off in your Perl tree.

      Perl does not install modules world-writable; I think that someone
      changed permissions on this file, after the fact. :/

      If any component in the path /usr/local/apache/lib/perl5/5.8.3/CGI.pm
      is not world-readable, or, in the case of a directory, world-executable,
      then user/group nobody/nobody won't be able to read the file.

      But this file should certainly not be world-writable.

      > Thanks,
      > Bheema.

      --
      Brian Reichert <reichert@...>
      37 Crystal Ave. #303 Daytime number: (603) 434-6842
      Derry NH 03038-1713 USA BSD admin/developer at large

      --
      Report problems: http://perl.apache.org/bugs/
      Mail list info: http://perl.apache.org/maillist/modperl.html
      List etiquette: http://perl.apache.org/maillist/email-etiquette.html
    • Stas Bekman
      ... We had to deal with similar problems in Apache-Test. After many rewrites the following code is used to check whether some directory is -rwx by a certain
      Message 2 of 14 , Jun 1, 2004
        Brian Reichert wrote:
        > On Tue, Jun 01, 2004 at 10:24:33AM +0530, Bheema Rao Merugu, BSC, Ambattur, Chennai wrote:
        >
        >>Hi,
        >>
        >> I am sorry please find the out put that you are asking for.
        >>
        >> # find /usr/local/apache/lib -name CGI.pm -ls
        >> 372763 228 -rwxrwxrwx 1 root system 230097 May 27 16:50
        >>/usr/local/apache/lib/perl5/5.8.3/CGI.pm
        >
        >
        > Egads: a root-owned file that world-writable?! That's _very_ uncool.
        >
        > If, by merely changing the group the web server runs as suddenly
        > make things work, it still leads me to think that the permissions
        > are off in your Perl tree.
        >
        > Perl does not install modules world-writable; I think that someone
        > changed permissions on this file, after the fact. :/
        >
        > If any component in the path /usr/local/apache/lib/perl5/5.8.3/CGI.pm
        > is not world-readable, or, in the case of a directory, world-executable,
        > then user/group nobody/nobody won't be able to read the file.
        >
        > But this file should certainly not be world-writable.

        We had to deal with similar problems in Apache-Test. After many rewrites the
        following code is used to check whether some directory is -rwx by a certain
        user. You can adjust it to just check for -rx. It emulates the exact thing
        that happens when Apache spawns child processes and drops root priveledges.

        Just like Apache, this is run as root, and you need to add $uid and $gid of
        that user the server is running under. $dir is the dir you want to check;

        perl -MApache::TestRun -e 'eval { Apache::TestRun::run_root_fs_test($uid,
        $gid, q[$dir]) }';

        You can get the two vars from the username:

        my($uid, $gid) = (getpwnam($user))[2..3]

        And this is the actual test sub:

        # this sub is executed from an external process only, since it
        # "sudo"'s into a uid/gid of choice
        sub run_root_fs_test {
        my($uid, $gid, $dir) = @_;

        # first must change gid and egid ("$gid $gid" for an empty
        # setgroups() call as explained in perlvar.pod)
        my $groups = "$gid $gid";
        $( = $) = $groups;
        die "failed to change gid to $gid"
        unless $( eq $groups && $) eq $groups;

        # only now can change uid and euid
        $< = $> = $uid+0;
        die "failed to change uid to $uid" unless $< == $uid && $> == $uid;

        my $file = catfile $dir, ".apache-test-file-$$-".time.int(rand);
        eval "END { unlink q[$file] }";

        # unfortunately we can't run the what seems to be an obvious test:
        # -r $dir && -w _ && -x _
        # since not all perl implementations do it right (e.g. sometimes
        # acls are ignored, at other times setid/gid change is ignored)
        # therefore we test by trying to attempt to read/write/execute

        # -w
        open TEST, ">$file" or die "failed to open $file: $!";

        # -x
        -f $file or die "$file cannot be looked up";
        close TEST;

        # -r
        opendir DIR, $dir or die "failed to open dir $dir: $!";
        defined readdir DIR or die "failed to read dir $dir: $!";
        close DIR;

        # all tests passed
        print "OK";
        }

        so you probably want to convert it to a script and do your testing. This could
        be a good addition to the modperl debug utils toolbox.

        I'll leave it to you to put all these pieces together.

        --
        __________________________________________________________________
        Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
        http://stason.org/ mod_perl Guide ---> http://perl.apache.org
        mailto:stas@... http://use.perl.org http://apacheweek.com
        http://modperlbook.org http://apache.org http://ticketmaster.com

        --
        Report problems: http://perl.apache.org/bugs/
        Mail list info: http://perl.apache.org/maillist/modperl.html
        List etiquette: http://perl.apache.org/maillist/email-etiquette.html
      Your message has been successfully submitted and would be delivered to recipients shortly.