Web server problems - expect, setuid, ....

From: Michael Matthews <matthewm_at_voyager.sgate.com>
Date: Tue, 27 May 1997 15:53:31 -0400

Managers,

I've got a problem. Not sure where to turn to, and it definitely
involves Alphas, so ...

The situation: I've got a DEC 3000/800 running DU 4.0B as a web
server. I'm trying to write a little CGI utility that updates a custom
calendar database (nothing fancy -- just events, no scheduling or
anything like that). I'm using the Netscape FastTrack server that came
with the OS.

The command line utility (call it calwrapper) works just fine. The
forms web page passes variables just fine. What it does is call a
Perl (5.003) CGI script, which does a fork & pipe to fire up an expect
instance. It doesn't create any files, because there is Unix password
information being passed to the expect script. The expect script
spawns a shell and runs the calwrapper utility.

Now, to make things more interesting, calwrapper is a little C program
that's setuid. And *IT* fork & execs off a Perl script (which can only
be read/executed by the dummy 'calendar' user) which does the actual
work.

So. Web server, running as nobody, calls CGI script, which forks
itself, pipes to an expect call, which spawns a shell and runs a setuid
program, which forks and exec's a Perl script. I have to do it this
way to implement access control -- anyone can list calendar data, only
members of a Unix group can add, and only administrators or entry
owners can delete or modify.

The problem?

"/dev/tty<whatever>: Permission denied."

The Perl calendar script (the final executee here) reads from standard
input, all handled by expect code (that works fine manually). The
problem undoubtedly comes from the web interface, and maybe has a
special 'nobody' clause too (can the user 'nobody' fork off setuid
programs?). This is all local disk stuff.

I'd love to try and make the web page authenticate to the calendar
userid, to eliminate the 'nobody' question, but I had to make manual
customizations to the FastTrack config files to make it work right and
the dern admin interface just can't seem to handle that. Since this
came with the OS, I don't have the FastTrack manuals handy either.

Does anyone know why I'm getting a "/dev/ttyXX: Permission denied"
error on trying to run the calwrapper setuid C program from within a
pipe'd expect script, from a CGI Perl script? <half :-)>

On a related note, how the (#%*^ does one get the stupid FastTrack
admin interface to ignore customizations without overwriting them?

Thanks....

Mike

-- 
---
Michael Matthews  				(703) 227 9281 / (703) 848 6359
Systems Administrator/Resident Geek	http://cyber.sgate.com/~matthewm/
Received on Tue May 27 1997 - 22:04:52 NZST
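
Added example, not part of the original post: the error names a terminal device, and expect runs its child on a pseudo-terminal, so a useful first check is which uid owns the terminal the setuid program inherits and whether its effective uid may open that device. The function names below are hypothetical, and the permission check is the classic owner/group/other test only (no supplementary groups or ACLs).

```c
/* Added diagnostic, not from the original post: reports who owns the
 * terminal a process inherits and whether its effective uid could reopen
 * that device by name (which is what opening /dev/tty amounts to). */
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Classic Unix permission check: owner bits, else group bits, else other.
 * Simplification: supplementary groups and ACLs are ignored; uid 0 passes. */
int mode_allows(uid_t owner, gid_t group, mode_t mode,
                uid_t euid, gid_t egid, int want_read, int want_write)
{
    mode_t r, w;
    if (euid == 0) return 1;
    if (euid == owner)      { r = S_IRUSR; w = S_IWUSR; }
    else if (egid == group) { r = S_IRGRP; w = S_IWGRP; }
    else                    { r = S_IROTH; w = S_IWOTH; }
    if (want_read && !(mode & r)) return 0;
    if (want_write && !(mode & w)) return 0;
    return 1;
}

/* Report on one inherited descriptor. Returns 1 if a read/write reopen
 * would be allowed, 0 if it would be denied, -1 if fd is not a terminal. */
int report_fd(int fd, FILE *out)
{
    struct stat st;
    const char *name = ttyname(fd);
    if (!isatty(fd) || fstat(fd, &st) != 0) {
        fprintf(out, "fd %d: not a terminal\n", fd);
        return -1;
    }
    int ok = mode_allows(st.st_uid, st.st_gid, st.st_mode,
                         geteuid(), getegid(), 1, 1);
    fprintf(out, "fd %d: %s owner=%ld group=%ld mode=%04o -> reopen %s\n",
            fd, name ? name : "?", (long)st.st_uid, (long)st.st_gid,
            (unsigned)(st.st_mode & 07777), ok ? "allowed" : "DENIED");
    return ok;
}

int main(void)
{
    fprintf(stderr, "ruid=%ld euid=%ld rgid=%ld egid=%ld\n", (long)getuid(),
            (long)geteuid(), (long)getgid(), (long)getegid());
    for (int fd = 0; fd <= 2; fd++)
        report_fd(fd, stderr);
    return 0;
}
```

Give the compiled binary the same owner and setuid bit as calwrapper and run it from the same expect script, once by hand and once through the web server, then compare the two reports on stderr.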
