Brian Reichert wrote:
On Tue, Jun 01, 2004 at 10:24:33AM +0530, Bheema Rao Merugu, BSC, Ambattur, Chennai wrote:

Hi,

 I am sorry, please find the output that you are asking for.

 #  find /usr/local/apache/lib -name CGI.pm -ls
 372763  228 -rwxrwxrwx  1 root     system     230097 May 27 16:50 /usr/local/apache/lib/perl5/5.8.3/CGI.pm


Egads: a root-owned file that's world-writable?!  That's _very_ uncool.

If merely changing the group the web server runs as suddenly
makes things work, it still leads me to think that the permissions
are off in your Perl tree.

Perl does not install modules world-writable; I think that someone
changed permissions on this file, after the fact. :/

If any component in the path /usr/local/apache/lib/perl5/5.8.3/CGI.pm
is not world-readable, or, in the case of a directory, world-executable,
then user/group nobody/nobody won't be able to read the file.

But this file should certainly not be world-writable.

We had to deal with similar problems in Apache-Test. After many rewrites the following code is used to check whether some directory is -rwx by a certain user. You can adjust it to just check for -rx. It emulates the exact thing that happens when Apache spawns child processes and drops root privileges.


Just like Apache, this is run as root, and you need to add $uid and $gid of that user the server is running under. $dir is the dir you want to check:

perl -MApache::TestRun -e 'eval { Apache::TestRun::run_root_fs_test($uid, $gid, q[$dir]) }';

You can get the two vars from the username:

my($uid, $gid) = (getpwnam($user))[2..3];

And this is the actual test sub:

# this sub is executed from an external process only, since it
# "sudo"'s into a uid/gid of choice
use File::Spec::Functions qw(catfile);   # provides catfile() used below

sub run_root_fs_test {
    my($uid, $gid, $dir) = @_;

    # first must change gid and egid ("$gid $gid" for an empty
    # setgroups() call as explained in perlvar.pod)
    my $groups = "$gid $gid";
    $( = $) = $groups;
    die "failed to change gid to $gid"
        unless $( eq $groups && $) eq $groups;

    # only now can change uid and euid
    $< = $> = $uid+0;
    die "failed to change uid to $uid" unless $< == $uid && $> == $uid;

    # int(rand) alone is always 0; give rand a range so the suffix varies
    my $file = catfile $dir, ".apache-test-file-$$-".time.int(rand 1e6);
    eval "END { unlink q[$file] }";

    # unfortunately we can't run the what seems to be an obvious test:
    # -r $dir && -w _ && -x _
    # since not all perl implementations do it right (e.g. sometimes
    # acls are ignored, at other times setid/gid change is ignored)
    # therefore we test by trying to attempt to read/write/execute

    # -w
    open TEST, ">$file" or die "failed to open $file: $!";

    # -x
    -f $file or die "$file cannot be looked up";
    close TEST;

    # -r
    opendir DIR, $dir or die "failed to open dir $dir: $!";
    defined readdir DIR or die "failed to read dir $dir: $!";
    closedir DIR;

    # all tests passed
    print "OK";
}

So you probably want to convert it to a script and do your testing. This could be a good addition to the modperl debug utils toolbox.

I'll leave it to you to put all these pieces together.

--
__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com
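
The path rule discussed in this thread (every directory searchable by the server's user, the file readable, nothing world-writable) can be checked by mode bits before running the privilege-dropping test. The Perl script below is an added example, not part of the original message or of Apache-Test. The name audit_path, the stand-in uid/gid 65534 and the temporary sample tree are assumptions for illustration; ACLs and supplementary groups are ignored.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. Assumption: only mode bits and the
# primary gid are considered; ACLs and supplementary groups are ignored.
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Spec;
use File::Temp qw(tempdir);

sub audit_path {
    my ($path, $uid, $gid) = @_;
    my (undef, $dirs, $leaf) = File::Spec->splitpath(File::Spec->rel2abs($path));
    my $cur = File::Spec->rootdir;
    my @findings;
    # '' stands for the root directory itself, then each component in turn
    for my $name ('', grep { length } File::Spec->splitdir($dirs), $leaf) {
        $cur = File::Spec->catfile($cur, $name) if length $name;
        my @st = stat $cur;
        unless (@st) { push @findings, "$cur: cannot stat: $!"; last }
        my ($mode, $fuid, $fgid) = @st[2, 4, 5];
        # pick the owner, group or other triplet that applies to uid/gid
        my $bits = $uid == $fuid ? $mode >> 6 : $gid == $fgid ? $mode >> 3 : $mode;
        if (S_ISDIR($mode)) {
            push @findings, "$cur: directory not searchable" unless $bits & 1;
        }
        else {
            push @findings, "$cur: file not readable" unless $bits & 4;
        }
        # sticky world-writable directories such as /tmp are not reported
        push @findings, "$cur: world-writable"
            if $mode & S_IWOTH and not $mode & S_ISVTX;
    }
    return @findings;
}

# Usage: audit.pl USER PATH. With no arguments, audit a constructed sample:
# a 0700 temporary directory holding a 0777 file, for a uid/gid stand-in.
my ($user, $path) = @ARGV;
my ($uid, $gid) = (65534, 65534);    # arbitrary stand-in for the sample run
if (defined $path) {
    ($uid, $gid) = (getpwnam $user)[2, 3];
    die "unknown user $user\n" unless defined $uid;
}
else {
    my $top = tempdir(CLEANUP => 1);
    $path = "$top/CGI.pm";
    open my $fh, '>', $path or die "open $path: $!";
    close $fh;
    chmod 0777, $path or die "chmod $path: $!";
}
my @findings = audit_path($path, $uid, $gid);
print @findings ? map("$_\n", @findings) : "OK\n";
```

A clean result here only means the mode bits look right; the run_root_fs_test approach above remains the authoritative check because it exercises the real access decision.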
