Loading ...
Sorry, an error occurred while loading the content.

Re: mod_perl not able to run some pl files.

Expand Messages
  • Stas Bekman
    ... We had to deal with similar problems in Apache-Test. After many rewrites the following code is used to check whether some directory is -rwx by a certain
    Message 1 of 14 , Jun 1, 2004
    • 0 Attachment
      Brian Reichert wrote:
      > On Tue, Jun 01, 2004 at 10:24:33AM +0530, Bheema Rao Merugu, BSC, Ambattur, Chennai wrote:
      >> I am sorry please find the out put that you are asking for.
      >> # find /usr/local/apache/lib -name CGI.pm -ls
      >> 372763 228 -rwxrwxrwx 1 root system 230097 May 27 16:50
      > Egads: a root-owned file that world-writable?! That's _very_ uncool.
      > If, by merely changing the group the web server runs as suddenly
      > make things work, it still leads me to think that the permissions
      > are off in your Perl tree.
      > Perl does not install modules world-writable; I think that someone
      > changed permissions on this file, after the fact. :/
      > If any component in the path /usr/local/apache/lib/perl5/5.8.3/CGI.pm
      > is not world-readable, or, in the case of a directory, world-executable,
      > then user/group nobody/nobody won't be able to read the file.
      > But this file should certainly not be world-writable.

      We had to deal with similar problems in Apache-Test. After many rewrites the
      following code is used to check whether some directory is -rwx by a certain
      user. You can adjust it to just check for -rx. It emulates the exact thing
      that happens when Apache spawns child processes and drops root priveledges.

      Just like Apache, this is run as root, and you need to add $uid and $gid of
      that user the server is running under. $dir is the dir you want to check;

      perl -MApache::TestRun -e 'eval { Apache::TestRun::run_root_fs_test($uid,
      $gid, q[$dir]) }';

      You can get the two vars from the username:

      my($uid, $gid) = (getpwnam($user))[2..3]

      And this is the actual test sub:

      # this sub is executed from an external process only, since it
      # "sudo"'s into a uid/gid of choice
      sub run_root_fs_test {
      my($uid, $gid, $dir) = @_;

      # first must change gid and egid ("$gid $gid" for an empty
      # setgroups() call as explained in perlvar.pod)
      my $groups = "$gid $gid";
      $( = $) = $groups;
      die "failed to change gid to $gid"
      unless $( eq $groups && $) eq $groups;

      # only now can change uid and euid
      $< = $> = $uid+0;
      die "failed to change uid to $uid" unless $< == $uid && $> == $uid;

      my $file = catfile $dir, ".apache-test-file-$$-".time.int(rand);
      eval "END { unlink q[$file] }";

      # unfortunately we can't run the what seems to be an obvious test:
      # -r $dir && -w _ && -x _
      # since not all perl implementations do it right (e.g. sometimes
      # acls are ignored, at other times setid/gid change is ignored)
      # therefore we test by trying to attempt to read/write/execute

      # -w
      open TEST, ">$file" or die "failed to open $file: $!";

      # -x
      -f $file or die "$file cannot be looked up";
      close TEST;

      # -r
      opendir DIR, $dir or die "failed to open dir $dir: $!";
      defined readdir DIR or die "failed to read dir $dir: $!";
      close DIR;

      # all tests passed
      print "OK";

      so you probably want to convert it to a script and do your testing. This could
      be a good addition to the modperl debug utils toolbox.

      I'll leave it to you to put all these pieces together.

      Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
      http://stason.org/ mod_perl Guide ---> http://perl.apache.org
      mailto:stas@... http://use.perl.org http://apacheweek.com
      http://modperlbook.org http://apache.org http://ticketmaster.com

      Report problems: http://perl.apache.org/bugs/
      Mail list info: http://perl.apache.org/maillist/modperl.html
      List etiquette: http://perl.apache.org/maillist/email-etiquette.html
    Your message has been successfully submitted and would be delivered to recipients shortly.