CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
INDEX
Search Posts SEARCH
POSTS
Who's Online WHO'S
ONLINE
Log in LOG
IN

Home: Perl Programming Help: Intermediate:
Spawn script as a different user

 



andy7t
User

Jul 31, 2005, 1:19 PM

Post #1 of 3 (732 views)
Spawn script as a different user Can't Post

Hi,

I have a small 'webserver' script written in perl, which needs to run as root, because it performs certain actions in parts of the script which need to be run as root.

However, i also need to start another perl script from this master 'webserver'.
At the moment i am using:
$otherscript=`perl script.cgi`;

This means however, that the new script also runs as root. This is a problem, since its a security risk to have it running as root (it's a gameserver start script).
How do i keep the webserver running as root, but allow it to create processes which are run as a different user.
Apache can do it (not that it's in perl), so it must be possible.


davorg
Thaumaturge / Moderator

Aug 1, 2005, 2:11 AM

Post #2 of 3 (728 views)
Re: [andy7t] Spawn script as a different user [In reply to] Can't Post

Having stuff run as root from a web server is always a bit dangerous and you need to be really sure that you're not opening up your web server to attack.

Having said that, the easiest solution is probably to use 'sudo' and to have the appropriate configuration in the /etc/sudoers file to allow your web server user to execute just the required commands as root without a password.

See, I said it was dangerous :-/

--
Dave Cross, Perl Hacker, Trainer and Writer
http://www.dave.org.uk/
Get more help at Perl Monks


andy7t
User

Aug 1, 2005, 5:26 AM

Post #3 of 3 (725 views)
Re: [davorg] Spawn script as a different user [In reply to] Can't Post

Hi,

I'm not too concerned about the webserver, since it's not a public webserver, and requires a key to get it to do anything.

I'll go through what i am doing, so that it will become clearer.

I've got a 'master' server, and i've got several 'slave' servers.
These slave servers are gaming machines.

The master server has got some perl scripts that tell the slave server (via SOCKETS:INET and the Webserver script on the slave servers) to perform certain actions (like start/restart gaming servers).

So, for example.
On the main server, if i want to restart a remote game server, the main server will use Sockets INET to communicate with a port on the GAMING (Slave) server to tell it to restart.

The webserver on slave checks the key to make sure that just anyone is sending data, and then executes:

system('./home/username/control restart');
This restarts the game server.
However, the game server is now running as root.
Since there are many 5 or 6 game servers per machine, i would like the game server to be run as it's owners username.

Is this possible.
The things that the webserver needs to do is quite lenghtly, so putting them all in sudoers will basically include everything :-), from adduser/userdel, reboot, cp to other directorys, mv etc etc.

The only option i could think of at the moment, was to create another script with a 'listen' port in every users directory, and have that running as the user, and then the webserver contacts that script to perform the action. But that's very long winded :-(.

Surely there is another way?

 
 


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives