Thank you all!  I asked the question with some hesitation. But the answers 
have been enlightening.
I never cease to learn from Perl and this community!
__________________________________________
Ranga Nathan / CSG
Systems Programmer - Specialist; Technical Services; 
BAX Global Inc. Irvine-California
Tel: 714-442-7591   Fax: 714-442-2840




Bob Rogers <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
01/20/2006 04:53 PM

To: Jeremy Muhlich <[EMAIL PROTECTED]>
cc: [email protected]
Subject: Re: [Boston.pm] Running shell commands with specified user permissions

   From: Jeremy Muhlich <[EMAIL PROTECTED]>
   Date: Fri, 20 Jan 2006 12:02:20 -0500

   On Thu, 2006-01-19 at 22:25 -0500, Bob Rogers wrote:
   >    Frequently I need to execute certain portions of the code (e.g. that
   >    creates files / directories)  with the user's permission. I am not sure
   >    how to do this in perl. Currently I am doing something like:
   >
   > I've never needed this myself, but if I did, I'd probably try $< and $>

   I believe you'd want $> , the effective uid.  A process running as root
   isn't permitted to change the real uid to another user and then back to
   root, so $< wouldn't work here unless you fork first.

    -- Jeremy

Yes, but if $> can't be localized, one might want to use one of the
examples presented under $> to get back, e.g. "$> = $<;".

   Never mind; I just tested, and localization works just fine:

                 rgrjr:~ # cat test-euid.pl 
                 #! /usr/bin/perl -w

                 use strict;

                 system('id');
                 {
                     local $> = 500;
                     system('id');
                 }
                 system('id');

                 rgrjr:~ # ./test-euid.pl
                 uid=0(root) gid=0(root) groups=0(root)
                 uid=0(root) gid=0(root) euid=500(rogers) groups=0(root)
                 uid=0(root) gid=0(root) groups=0(root)
                 rgrjr:~ # 

Interestingly, localizing $< also works, and is restored back to root
(so the last line printed is the same), presumably because the EUID is
still root.  The same thing goes for localizing $< and then $>.  Only
localizing first $> and then $< fails to change either UID back.

   And I'm told the exact details of this behavior vary from one OS to
another, even for ones that are POSIX-compliant.  No wonder it's so hard
to write code that is both portable and secure.

  -- Bob
 
_______________________________________________
Boston-pm mailing list
[email protected]
http://mail.pm.org/mailman/listinfo/boston-pm
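
An added example, not part of the original thread or any poster's code: the id output above shows that "local $>" changes only the effective uid, while the real uid, gid and groups stay root, so one way to run a command fully as the user is to fork (as Jeremy notes) and drop every id in the child. It assumes a POSIX system and a script started as root; the script name run-as.pl and the sub name run_as_user are hypothetical.

```perl
#!/usr/bin/perl
# Added example: run a command as an unprivileged user from a root process.
# Usage (as root): ./run-as.pl USER COMMAND [ARGS...]
use strict;
use warnings;
use POSIX qw(setgid setuid);

sub run_as_user {
    my ($user, @cmd) = @_;
    my (undef, undef, $uid, $gid) = getpwnam($user)
        or die "unknown user '$user'\n";
    die "refusing to 'drop' to uid 0\n" if $uid == 0;

    defined(my $pid = fork()) or die "fork failed: $!\n";
    if ($pid == 0) {                      # child: give up root permanently
        # Groups and gid first; after setuid() we could no longer change them.
        $) = "$gid $gid";                 # egid plus an empty supplementary list
        setgid($gid) or die "setgid($gid): $!\n";
        setuid($uid) or die "setuid($uid): $!\n";   # real, effective and saved

        # Assignments to $< $> $( $) can fail quietly, so read the ids back.
        my ($rgid) = split ' ', $(;
        my ($egid, @groups) = split ' ', $);
        die "uid not dropped\n" unless $< == $uid && $> == $uid;
        die "gid not dropped\n" unless $rgid == $gid && $egid == $gid;
        die "extra groups kept: @groups\n" if grep { $_ != $gid } @groups;

        # A complete drop cannot be undone; try, and abort if root comes back.
        $> = 0;
        die "root could be regained\n" if $> == 0;

        exec { $cmd[0] } @cmd;            # list form: no shell involved
        die "exec $cmd[0]: $!\n";
    }
    waitpid($pid, 0);
    return $? >> 8;                       # child's exit code
}

my ($user, @cmd) = @ARGV;
die "usage: $0 USER COMMAND [ARGS...]\n" unless defined $user && @cmd;
die "must be started as root\n" unless $> == 0;
exit run_as_user($user, @cmd);
```

Run as "./run-as.pl rogers id", the child's id output should show the user's uid, gid and groups with no euid= field and no root group; the parent stays root throughout.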

 