[Solved] Permission problem, programming advice needed, Perl


 
Thread Tools Search this Thread
Top Forums Shell Programming and Scripting [Solved] Permission problem, programming advice needed, Perl
# 1  
Old 02-19-2014
[Solved] Permission problem, programming advice needed, Perl

Hi all,

I have written a wrapper script in Perl which will be used on AIX, Linux and Windows and I do not want to change any code for the needs for a specific OS if avoidable.
It works fine so far on all 3 OSes, not blowing up any stacks any more, but I am unsure how to handle writing log files and some other temporary files it needs for some status tracking as it is no demon and will terminate when it's done.

The script will be called by different users and produce the mentioned files. My problem is, that I currently have to give the calling user write permissions to the directory where the logs will be written.
I would like to avoid this and let the logs belong to the user that owns the script so that the calling user will not be able to manipulate any of the files that are written.

su, sudo etc. is no option.
I tried setting setuid-bit, but that didn't help. The created files were still owned by the calling user.

Maybe there is a simpler method to overcome this problem but currently I think about something like trying to change the effective UID for this and see if it helps.

Any ideas or corrections of my thoughts are welcome!

Last edited by zaxxon; 02-19-2014 at 01:44 PM.. Reason: rephrasing
# 2  
Old 02-19-2014
Are all of the users who need to create the log files members of a single group? If so, just change the group for the directory in which the log files will be created to that common group and make the directory writeable by members of that group.
Code:
chgrp common_group directory
chmod g+w directory

It isn't clear to me whether you want multiple users to be able to write to log files created by other users or if you just want multiple users to be able to create log files in a single directory. To give all members of the group the ability to update log files created by other members of the group:
Code:
chgrp common_group log_file...
chmod g+w log_file...

Note that the chgrp and chmod commands will both have to be run by the user who owns (created) the file (directory or log file) or by someone with administrative privileges (on many system, that means root).
# 3  
Old 02-19-2014
Did you try to give the files write access but no read access? So people could write log files but not mess around.
This User Gave Thanks to RudiC For This Post:
# 4  
Old 02-19-2014
I will try to explain it better:

This wrapper script will be deployed on all hosts in the company, AIX, Linux and Windows. I do not know which technical users (triggered from applications) are going to use it, so I have to assume it will be anybody.

Currently plenty of applications on those hosts execute a client, that does not have the functionalities of the wrapper. This client does not write log files nor is there any mechanisms that need temporary files in it.

For my local tests, everything went fine, even the compiled Perl script on windows.

But then I noticed, that when another user is using the script (AIX/Linux), the directory of the wrapper, where also the logs and temp files are placed, has to be writable for them and the files will have the user and group of the one executing it.

My goal was to achieve, that the files would be written with the uid of the owner of the script, so I thought about trying something with effective uid or something like that.

I will try your suggestions tomorrow at work, thanks so far.
# 5  
Old 02-19-2014
Quote:
Originally Posted by zaxxon
My goal was to achieve, that the files would be written with the uid of the owner of the script, so I thought about trying something with effective uid or something like that.
For that you need sudo, not a script.

If you want them to be used by multiple users, make the files group readable/writable and arrange groups.
This User Gave Thanks to Corona688 For This Post:
# 6  
Old 02-19-2014
Some systems support set-UID shell scripts; Linux systems do not. So, for a script to be portable to all of the systems you use, a set-UID shell script is not an option.
This User Gave Thanks to Don Cragun For This Post:
# 7  
Old 02-19-2014
Ok, that sounds like to have another wrapper that calls the wrapper script with a sudo, as the goal is that the customers don't have to change anything on their side at all when calling the wrapper.
Then there is no sudo on plain windows - I will check if it will run with "runas" but this needs credentials etc.

Thanks so far for your ideas, I will see to what conclusion I come and will let you know.
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Need Advice for This Programming way

Hi All, I am working in production support environment And I have a lot of checks done daily on system And depended on values I take specific decision I am going to develop script to do general operation task But my problem is this script will be a running process 24 hours I... (5 Replies)
Discussion started by: maxosmanpad
5 Replies

2. Shell Programming and Scripting

fgrep command: Perl programming help needed..Kindly advise

Hi, I am novice in PERL enviornment. I have a text files withso many entries in rows and columns. I have to pick up entries named as "Uniprot ID" in the file and create a new text file with list of particular Uniprot ID entries. Can anybody guide regarding this.. I came to know abut fgrep... (1 Reply)
Discussion started by: manigrover
1 Replies

3. Programming

System + Network Programming, your advice required???

Dear friends, Before putting my questions forward, I would like to put some data infront of you, hope you will help me at the end. This website Cray-Cyber - Welcome provides free access to many supercomputers and mainframe computers. When you login through ssh, they provide you with a screen,... (5 Replies)
Discussion started by: gabam
5 Replies

4. UNIX for Advanced & Expert Users

System + Network Programming, your advice required???

Dear friends, Before putting my questions forward, I would like to put some data infront of you, hope you will help me at the end. This website Cray-Cyber - Welcome provides free access to many supercomputers and mainframe computers. When you login through ssh, they provide you with a screen,... (0 Replies)
Discussion started by: gabam
0 Replies

5. Linux

Scripting advice needed

Evening all, Im trying to get a script that will: Select the most 3 recent files in a specific directory Run a command on them (like chmod) Ask of you would like to continue Copy the files to another directory If a linux guru could help me out, it would be very much appreciated. Thanks... (2 Replies)
Discussion started by: Wiggins
2 Replies

6. UNIX for Advanced & Expert Users

'for' loop advice needed....!!

Scenario: Command used to capture IPs on a host: /usr/sbin/ifconfig -a | grep "inet" | egrep -v "inet6|0.0.0.0|192.168.100.2" | awk '{print $2}' Following for loop used to capture interface names: for INTERFACE in `/usr/sbin/ifconfig -a | nawk '$1 ~ /:$/ && $1 {sub(":$", "", $1); print... (3 Replies)
Discussion started by: ak835
3 Replies

7. Shell Programming and Scripting

'for' loop advice needed ....!!

/usr/sbin/ifconfig -a | grep "inet" | grep -v "inet6" | grep -v "127.0.0.1" | grep -v "0.0.0.0"|grep -v "192.168.100.2" | awk '{print $2}' I use above command to get IP addresses on AIX boxes.Values coming here are set to a variable "Host IPs.IP Addresses" in my fingerprinting engine. ... (4 Replies)
Discussion started by: ak835
4 Replies

8. Shell Programming and Scripting

eval problem.. advice needed!

Hi I need some major help with eval I have a statement using eval: read input eval variable$input=”something” Now I want to use the “variable$input” in some commands but I don't know how to call it without replacing the $input with the command line value (which I obviously can't do). ... (1 Reply)
Discussion started by: Cactus Jack
1 Replies

9. Shell Programming and Scripting

perl module installation problems... experts advice needed,...

---------- This is perl, v5.6.1 built for MSWin32-x86-multi-thread (with 1 registered patch, see perl -V for more detail) ----------in win 2000 advanced server,.. i am somewhat comfortable with perl but i am new to perl modules.. when i tried to install xml::simple and xml::parser there... (4 Replies)
Discussion started by: sekar sundaram
4 Replies

10. Linux

programming advice needed....

i'm a grad student taking a UNIX course and a networks course (i have a background in C++ and JAVA). i'm trying to combine the two classes. My questions stems from a networks programming homework assignment below: "Using the operating system and language of your choice, develop a program to... (5 Replies)
Discussion started by: trostycp
5 Replies
Login or Register to Ask a Question