On Thu, Apr 07, 2005 at 05:09:00PM +0300, Shachar Shemesh wrote: > Hi all, > > I'm building a small web application. As I want this app to make changes > in the system, I'm using a suid (non-root) perl executable to carry out > most of the actual operations, and the application (read - apache) runs > this executable. > > So far, so good. > > One of the operations I need carried out is creating an SSH key. I use > the following syntax inside the perl script: > if( system("ssh-keygen", "-q", "-b", $1, "-t", "dsa", "-f", > "/home/user/.ssh/id_dsa", "-N", "", "-C", > $2 )==0 ) { > > If I run the perl script directly, everything is great. If I try to run > it from the web server, however, the "system" isn't carried out. I > thought it may have to do with "system" trying to rely on a shell which > the apache user doesn't have, but the man page for perlfunc says that a > shell is only required if the other syntax for "system" is used, and > that execvp is used for this syntax. > > I also tried switching to the other syntax and redirecting the output to > a file. Nothing. The file is not even created. > > I tried replacing ssh-keygen with /usr/bin/ssh-keygen, but that did not > solve the problem either. > > In short, I'm fairly running out of ideas as to how to debug this. I > can't seem to find a way to test what is going wrong. Ideas would be > most welcome
Did you try strace and see that it really doesn't try to exec? If you do, note you can't strace a suid exec. To do this, strace -p as root. -- Didi ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]