[ back to toc ]

reading etc/shadow file using cgi/perl script

Date: 2002/04/17 13:49

Q:
how can we read the shadow file of linux (which has the permission set as
600 )using cgi/perl script (purpose :for user authentication).the server
is running as 'nobody' and is showing the error 'permission denied' when
trying to access the shadow file through a perl script from a webbrowser,
even though the script owner is root(the scripts is edited, and saved with
root id). the same script works fine when executed from console(in console
the uid is 0, while when exectued from a webbrowser the uid is 99 (
corresponds to 'nobody').Web server is Apache(version 1.3.17).

Can this be solved by Configuring the webserver to execute setuid
program?but Apache is believed to refuse to run setuid for uid below
certain UID and program with setuid 0 most likely will NOT be
executed.How can apache be configured for this, if it will solve the above
problem

please giv me a solution.....
A:
If I were you I would not configure Apache to run scripts setuid. This
would lead to security risk. Instead I would use some other Apache
authentication module.

Regarding your question:

>Can this be solved by Configuring the webserver to
>execute setuid program?

Yes, and no. Yes, it does, but Apache will refuse to run root setuid
programs unless you hack the source.

Regards,
Peter

[ back to toc ]