CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
Search Posts SEARCH
Who's Online WHO'S
Log in LOG

Home: Perl Programming Help: Intermediate:
Spawn script as a different user



Jul 31, 2005, 1:19 PM

Post #1 of 3 (1306 views)
Spawn script as a different user Can't Post


I have a small 'webserver' script written in perl, which needs to run as root, because it performs certain actions in parts of the script which need to be run as root.

However, i also need to start another perl script from this master 'webserver'.
At the moment i am using:
$otherscript=`perl script.cgi`;

This means however, that the new script also runs as root. This is a problem, since its a security risk to have it running as root (it's a gameserver start script).
How do i keep the webserver running as root, but allow it to create processes which are run as a different user.
Apache can do it (not that it's in perl), so it must be possible.

Thaumaturge / Moderator

Aug 1, 2005, 2:11 AM

Post #2 of 3 (1302 views)
Re: [andy7t] Spawn script as a different user [In reply to] Can't Post

Having stuff run as root from a web server is always a bit dangerous and you need to be really sure that you're not opening up your web server to attack.

Having said that, the easiest solution is probably to use 'sudo' and to have the appropriate configuration in the /etc/sudoers file to allow your web server user to execute just the required commands as root without a password.

See, I said it was dangerous :-/

Dave Cross, Perl Hacker, Trainer and Writer
Get more help at Perl Monks


Aug 1, 2005, 5:26 AM

Post #3 of 3 (1299 views)
Re: [davorg] Spawn script as a different user [In reply to] Can't Post


I'm not too concerned about the webserver, since it's not a public webserver, and requires a key to get it to do anything.

I'll go through what i am doing, so that it will become clearer.

I've got a 'master' server, and i've got several 'slave' servers.
These slave servers are gaming machines.

The master server has got some perl scripts that tell the slave server (via SOCKETS:INET and the Webserver script on the slave servers) to perform certain actions (like start/restart gaming servers).

So, for example.
On the main server, if i want to restart a remote game server, the main server will use Sockets INET to communicate with a port on the GAMING (Slave) server to tell it to restart.

The webserver on slave checks the key to make sure that just anyone is sending data, and then executes:

system('./home/username/control restart');
This restarts the game server.
However, the game server is now running as root.
Since there are many 5 or 6 game servers per machine, i would like the game server to be run as it's owners username.

Is this possible.
The things that the webserver needs to do is quite lenghtly, so putting them all in sudoers will basically include everything :-), from adduser/userdel, reboot, cp to other directorys, mv etc etc.

The only option i could think of at the moment, was to create another script with a 'listen' port in every users directory, and have that running as the user, and then the webserver contacts that script to perform the action. But that's very long winded :-(.

Surely there is another way?


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives