Home / server / Questions / 418767
Accepted
xivix
Asked: 2012-08-18 12:29:42 +0800 CST

run specific perl script as root under apache

  • 772

I have a perl program that runs fine when called through the Internet via apache on Fedora Linux server. In that perl script I have a system command which does not run because it needs to be run as root. I realize all the security ramifications but surely there must be a simple way of clearing a path for a legitimate script to do a legitimate function as root. I have tried using sudo but I have to remove the requiretty restriction for the apache user and I don't want to weaken security. There should be a way in apache config to either allow a specific file or directory to run as root but I have not been able to find it. I don't want all cgi-bin to run as root. Any help is appreciated.

linux

1 Answers

  1. Best Answer

    Perl? Perl supports setuid scripts.

    https://unix.stackexchange.com/questions/364/allow-setuid-on-shell-scripts

    Perl is a notable exception. It explicitly supports setuid scripts in a secure way. In fact, your script can run setuid even if your OS ignored the setuid bit on scripts. This is because perl ships with a setuid root helper that performs the necessary checks and reinvokes the interpreter on the desired scripts with the desired privileges. This is explained in the perlsec manual. It used to be that setuid perl scripts needed #!/usr/bin/suidperl -wT instead of #!/usr/bin/perl -wT, but on most modern systems, #!/usr/bin/perl -wT is sufficient.

    • 2