Professional Web Applications Themes

indirect file access - PERL Beginners

Hi I want to open a file (testmesg.txt) for reading and writing. Ok, normally that is no problem ;) But my script runs by "www-data" and the file I want to edit belongs the user "testuser" and lays in /home/testuser/testmesg.txt. So I have no direct access to this file... But now, I put the userinformation $username="testuser" and $unixpasswd="secret" in my script. Is there any way to open this file by the script with the new username and passwd? Something like sudo for perl... I had to run the programm as www-data! The programmdir is ../cgi-bin/testscript.pl (htaccess) I hope you understand ...

  1. #1

    Default indirect file access

    Hi

    I want to open a file (testmesg.txt) for reading and writing. Ok,
    normally that is no problem ;)
    But my script runs by "www-data" and the file I want to edit belongs the
    user "testuser" and
    lays in /home/testuser/testmesg.txt. So I have no direct access to this
    file...
    But now, I put the userinformation $username="testuser" and
    $unixpasswd="secret" in my script.
    Is there any way to open this file by the script with the new username
    and passwd? Something
    like sudo for perl...

    I had to run the programm as www-data!
    The programmdir is ../cgi-bin/testscript.pl (htaccess)

    I hope you understand me :-D
    Thanks, Felix


    --
    Email: mailto:aerfxrz.hs-bremen.de



    Aerfx Guest

  2. #2

    Default Re: indirect file access

    Hi Felix,

    In article <3FA81868.8090100rz.hs-bremen.de>, Aerfx wrote:
    > I want to open a file (testmesg.txt) for reading and writing. Ok,
    > normally that is no problem ;)
    > But my script runs by "www-data" and the file I want to edit belongs the
    > user "testuser" and
    > lays in /home/testuser/testmesg.txt. So I have no direct access to this
    > file...
    > But now, I put the userinformation $username="testuser" and
    > $unixpasswd="secret" in my script.
    > Is there any way to open this file by the script with the new username
    > and passwd? Something
    > like sudo for perl...
    >
    > I had to run the programm as www-data!
    > The programmdir is ../cgi-bin/testscript.pl (htaccess)
    Can't you just change the permissions on your testmesg.txt to
    world-readable? (directories need to also be executable)

    Another possibility (someone here will likely have a better answer) might be
    to run the script in setuid mode (use chmod to set permissions for script
    to '4755'); script will run as its owner instead as 'www-data'.

    -Kevin
    --
    Kevin Pfeiffer

    Kevin Pfeiffer Guest

Similar Threads

  1. #40625 [NEW]: Indirect modification of overloaded property
    By noreply@php.net in forum PHP Bugs
    Replies: 1
    Last Post: February 25th, 07:35 PM
  2. Indirect file upload undoented feature?
    By topmind in forum Coldfusion - Advanced Techniques
    Replies: 0
    Last Post: July 18th, 05:49 PM
  3. Indirect recordcount
    By a440guy in forum Macromedia ColdFusion
    Replies: 4
    Last Post: May 13th, 01:42 PM
  4. Indirect Selection tool doesn't always work
    By Aaron_Merritt@adobeforums.com in forum Adobe Illustrator Macintosh
    Replies: 3
    Last Post: April 25th, 11:30 PM
  5. an indirect ASP security problem
    By Adam Lawson in forum ASP.NET Security
    Replies: 0
    Last Post: September 4th, 11:41 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139