Re: Can't do setuid and file permision denied errors
From: Ben Morrow (usenet_at_morrow.me.uk)
Date: 10/29/03
- Previous message: Chris: "Can't do setuid and file permision denied errors"
- In reply to: Chris: "Can't do setuid and file permision denied errors"
- Next in thread: Steve Grazzini: "Re: Can't do setuid and file permision denied errors"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 29 Oct 2003 01:16:06 +0000 (UTC)
chrisw@lu.csi.com.ph (Chris) wrote:
> I have a chpass.pl which is being executed by a change password web
> utility page. This script tries to update a password on my linux
> server /etc/shadow with a file permision rw------. my chpass.pl was
> set to -rwsr-sr-x ,
> with this file permission, I'm getting an error: Can't do setuid,
> referer: http://.......
> When I set the file permision of the chpass.pl to -rwsr-xr-x , I get
> the error: file permision denied by the file /etc/shadow..
> When I chmod 777 the /etc/shadow then everything works but I'm sure
> its not safe to do that.. I cannot figure out how could I make this
> work with the original file permission of the files shadow and
> chpass.pl unchanged for I knew this was been working before with
> another machine with almost a copycat of my server.
This is a problem with the setup of your web server; I would guess
that your new machine has a newer version of Apache than the old?
The correct place to ask this is in a group appropriate to your
server; I think if your server is indeed Apache the right answer
involves using suEXEC, but don't take my word for it.
Are you *VERY* sure you *NEED* to do this? You are risking making it
completely trivial for someone to crack your machine. You must have
appropriate safeguards on who can access this web page. Your instinct
that more than 0600 on /etc/shadow is unsafe is sound; but having this
script be runnable by anyone is far more of a security risk. From the
level of your questions, I would (respectfully) suggest you do not
know enough to make this work safely.
Ben
-- It will be seen... that the Erwhonians are a meek and long-suffering people, easily led by the nose, and quick to offer up common sense at the shrine of logic, when a philosopher arises among them who... convinc[es] them that their ...institutions are not based on... morality. [Samuel Butler] ben@morrow.me.uk
- Previous message: Chris: "Can't do setuid and file permision denied errors"
- In reply to: Chris: "Can't do setuid and file permision denied errors"
- Next in thread: Steve Grazzini: "Re: Can't do setuid and file permision denied errors"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
