[plug] cgi permissions

Steve Boak sboak at westnet.com.au
Tue Jun 29 15:58:40 WST 2004


Hi All

I'm experimenting with a perl cgi script to allow a local web user to force a 
redial on my modem by calling the 'pon' script, but I seem to have a problem 
with permissions somewhere. To put it simply, I have a line
$result = `pon`;
in my script, which returns the message "Error: only members of the 'dip' 
group can use this command".
The cgi script runs under user www-data, which I have added to the dip group, 
but still the same problem. The script prints the user and group, so I know I 
am starting off with those correct.

Background

Debian testing, custom 2.4.22 kernel
Apache/1.3.29 (Debian GNU/Linux)

The pon script contains the following:
if [ ! -r /etc/ppp/peers/ ]; then
  echo "Error: only members of the 'dip' group can use this command."
  exit 1
fi

Permissions for pon:
min:~# ls -l /usr/bin/pon
-rwxr-xr-x    1 root     root         1362 Apr 16 02:21 /usr/bin/pon

permissions on the peers directory:
min:~# ls -ld /etc/ppp/peers/
drwxr-s---    2 root     dip          4096 Mar 10 23:03 /etc/ppp/peers/

my default peer file:
min:~# ls -l /etc/ppp/peers/westnet128k
-rw-r-----    1 root     dip           281 Jun 13 13:53 /etc/ppp/peers/westnet128k

and the groups:
min:~# groups www-data
www-data : www-data dip

Therefore, if the cgi script is running under user www-data, 
the /etc/ppp/peers/ directory is owned by root.dip, and www-data is in the 
dip group, then the "[ ! -r /etc/ppp/peers/ ]" test should not fail?

Obviously I am missing something here :-) 

Steve

-- 
"Most men occasionally stumble over the truth, but most pick themselves
up and continue on as if nothing had happened." - Winston Churchill
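
Added example, not part of the original post: `groups www-data` reads the group database, while a process that is already running keeps the supplementary groups it was given when it started, so the two can differ. The script below, run the same way as the CGI script, prints both sets for the current process and repeats pon's readability test. The function names are hypothetical; the directory default is the one from the post.

```shell
#!/bin/sh
# Added diagnostic, not from the original post. Function names are hypothetical.
# "id -G" with no user shows the groups held by THIS process; "id -G USER"
# looks USER up in the group database. Numeric GIDs avoid names with spaces.

# Print each GID in list $1 that is absent from list $2 (space-separated).
missing_groups() {
    for g in $1; do
        case " $2 " in
            *" $g "*) ;;
            *) printf '%s\n' "$g" ;;
        esac
    done
}

# The same readability test pon performs, for any directory.
can_read_dir() {
    [ -r "$1" ]
}

report() {
    dir=${1:-/etc/ppp/peers/}
    # Emit a CGI header when run by a web server.
    if [ -n "${GATEWAY_INTERFACE:-}" ]; then
        printf 'Content-type: text/plain\r\n\r\n'
    fi
    user=$(id -un 2>/dev/null) || user=
    proc=$(id -G 2>/dev/null) || proc=
    db=
    if [ -n "$user" ]; then
        db=$(id -G "$user" 2>/dev/null) || db=
    fi
    echo "running as:      ${user:-unknown} (uid $(id -u))"
    echo "process GIDs:    $proc"
    echo "database GIDs:   $db"
    stale=$(missing_groups "$db" "$proc" | tr '\n' ' ')
    if [ -n "$stale" ]; then
        echo "in database but not held by this process: $stale"
    fi
    if can_read_dir "$dir"; then
        echo "$dir: readable"
    else
        echo "$dir: NOT readable by this process"
    fi
}

report "$@"
```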



