For 2023 (and 2024 ...) - we are now fully retired from IT training.
We have made many, many friends over 25 years of teaching about Python, Tcl, Perl, PHP, Lua, Java, C and C++ - and MySQL, Linux and Solaris/SunOS too. Our training notes are now very much out of date, but due to upward compatibility most of our examples remain operational and even relevant, and you are welcome to make use of them "as seen" and at your own risk.

Lisa and I (Graham) now live in what was our training centre in Melksham - happy to meet with former delegates here - but do check ahead before coming round. We are far from inactive - rather, enjoying the times that we are retired but still healthy enough in mind and body to be active!

I am also active in many other areas and still look after a lot of web sites - you can find an index ((here))
Perl for Systems Admin - suid scripts

I've just completed a week teaching Perl to a systems administration team, and most of their work is involved in traversing data logs and system reports and extracting pertinent information / seeing when characteristics change - classic for a Practical Extraction and Reporting Language from which "Perl" got its name.

But there's more to Systems Admin work. For example, there are occasions when the admin script author wishes to allow a user some very specific privilege normally reserved for root. My delegates were already aware of how to do this with the bash shell, and were also well aware of the security implications. If you are not aware of these implications, FIND OUT about them before you use the methods described here.

To run a Perl script with root privilege:
a) Set the owner of the script to root
b) Set the suid bit on the file (chmod u+s filename)
c) Turn off read permission, and turn on execute permission, on the file for everyone except root (chmod go=x)

Your script will run in Perl's "tainted mode" if the suid bit is set. This means that all user inputs are marked as being unclean / risky, and neither they nor any variables with content derived from them can be used in 'dangerous' calls such as backquoted commands, open functions, system calls, etc. The purpose of this is to avoid injection attacks; it's frustrating when you first see it, but you'll be very glad of the extra help it provides in identifying potential holes.

If you do need to mark a variable "clean" in tainted mode, you do so by capturing the clean parts into the special variables $1, $2, $3 etc. in a regular expression match. In this one case, the derivative of a tainted variable is marked as being clean, so you can then make full use of your cleaned user inputs.
(written 2006-05-25, updated 2006-06-05)
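
The untainting step described above, as an added example that is not part of the original post. It switches taint mode on explicitly with `-T`, so the same checks apply whether or not the suid bit is set; the log directory, the path to `tail`, the allowlist pattern and the `clean_logname` helper are assumptions made for the illustration.

```perl
#!/usr/bin/perl -T
# Added example: untaint a user-supplied log name before using it in a command.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint mode also distrusts the inherited environment: set a fixed PATH and
# drop the variables a shell could act on before running any external command.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $LOGDIR = '/var/log/myapp';    # assumed directory, for illustration only

# Return an untainted copy of the name if it fits the allowlist, else nothing.
# Only the captured $1 is clean; the original argument stays tainted.
sub clean_logname {
    my ($name) = @_;
    return unless defined $name;
    # Whole string must match: starts alphanumeric, no '/', at most 64 chars.
    return $1 if $name =~ /\A([A-Za-z0-9][A-Za-z0-9_.-]{0,63})\z/;
    return;
}

my $request = shift @ARGV;
die "usage: $0 logname\n" unless defined $request;
print 'argument tainted: ', (tainted($request) ? 'yes' : 'no'), "\n";

my $name = clean_logname($request);
die "refused: log name contains characters outside the allowlist\n"
    unless defined $name;
print 'captured tainted: ', (tainted($name) ? 'yes' : 'no'), "\n";

# List-form system() passes arguments straight to the program, with no shell
# in between, so nothing in $name is ever interpreted as shell syntax.
# The path to tail is an assumption; adjust it for the system in use.
system('/usr/bin/tail', '-n', '20', "$LOGDIR/$name") == 0
    or die "tail exited with status $?\n";
```

Invoke it with `perl -T` followed by the script name and a log name. A pattern such as `(.*)` would also untaint the value, so the allowlist in the match is what provides the protection, not the capture itself.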

 
This is a page archived from The Horse's Mouth at http://www.wellho.net/horse/ - the diary and writings of Graham Ellis. Every attempt was made to provide current information at the time the page was written, but things do move forward in our business - new software releases, price changes, new techniques. Please check back via our main site for current courses, prices, versions, etc - any mention of a price in "The Horse's Mouth" cannot be taken as an offer to supply at that price.


© WELL HOUSE CONSULTANTS LTD., 2024: 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01144 1225 708225 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho

PAGE: http://www.wellho.net/mouth/733_Perl ... ripts.html • PAGE BUILT: Sun Oct 11 16:07:41 2020 • BUILD SYSTEM: JelliaJamb