[plug] cgi permissions
Steve Boak
sboak at westnet.com.au
Tue Jun 29 15:58:40 WST 2004
Hi All
I'm experimenting with a perl cgi script to allow a local web user to force a
redial on my modem by calling the 'pon' script, but I seem to have a problem
with permissions somwhere. To put it simply, I have a line
$result = `pon`;
in my script, which returns the message "Error: only members of the 'dip'
group can use this command".
The cgi script runs under user www-data, which I have added to the dip group,
but still the same problem. The script prints the user and group, so I know I
am starting off with those correct.
Background
Debian testing, custom 2.4.22 kernel
Apache/1.3.29 (Debian GNU/Linux)
The pon script contains the following:
if [ ! -r /etc/ppp/peers/ ]; then
echo "Error: only members of the 'dip' group can use this command."
exit 1
fi
Permissions for pon:
min:~# ls -l /usr/bin/pon
-rwxr-xr-x 1 root root 1362 Apr 16 02:21 /usr/bin/pon
premissions on the peers directory:
min:~# ls -ld /etc/ppp/peers/
drwxr-s--- 2 root dip 4096 Mar 10 23:03 /etc/ppp/peers/
my default peer file:
min:~# ls -l /etc/ppp/peers/westnet128k
-rw-r----- 1 root dip 281 Jun 13
13:53 /etc/ppp/peers/westnet128k
and the groups:
min:~# groups www-data
www-data : www-data dip
Therefore, if the cgi script is running under user www-data,
the /etc/ppp/peers/ directory is owned by root.dip, and www-data is in the
dip group, then the "[ ! -r /etc/ppp/peers/ ]" test should not fail?
Obviously I am missing something here :-)
Steve
--
"Most men occasionally stumble over the truth, but most pick themselves
up and continue on as if nothing had happened." - Winston Churchill
More information about the plug
mailing list