
Hope that helps you.

Thx, talexb, it certainly does. I opted for /opt, but I have to say that I'm confused about whose turf it is. I found that I could only scp as root:

    $ scp 2.begin.pl fred@164.90.158.33:/opt/scripts/dev
    scp: /opt/scripts/dev/2.begin.pl: Permission denied
    $ scp 2.begin.pl root@164.90.158.33:/opt/scripts/dev
    2.begin.pl    100% 1011    12.7KB/s   00:00
    $

I seem to remember someone with greater experience writing that it's best not to ssh as root. (Is that a thing?)

Update: I was trying to recall what afoken wrote in Re^7: [OT] A New Everything ?. The caution wasn't against ssh'ing as root per se, but doing so with password authentication:

    $ ssh root@206.189.67.44
    root@206.189.67.44's password:
    Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-45-generic x86_64)

For where I ended up, I found the links refreshing to reread, in particular Greetings and salutations | sudo. In the wake of reading that I'm sshing as root with impunity, and doing things without using sudo.

Another link I found in the rereading worth reposting is the Debian Administrator's Handbook by Raphaël Hertzog and Roland Mas

End Update

Anyways, I was confused about whether root or fred should own things and decided to make a group:

    fred@fourth:~$ sudo groupadd mygroup
    [sudo] password for fred:
    fred@fourth:~$ sudo usermod -a -G mygroup fred
    fred@fourth:~$ sudo usermod -a -G mygroup root
    fred@fourth:~$ getent group mygroup
    mygroup:x:1001:fred,root
    fred@fourth:~$
    fred@fourth:/opt$ sudo chown root:mygroup scripts
    fred@fourth:/opt$ ll
    total 16
    drwxr-xr-x  4 root             root    4096 Dec 30 04:10 ./
    drwxr-xr-x 19 root             root    4096 Dec  2 20:03 ../
    drwxr-xr-x  4 systemd-coredump root    4096 Sep 26  2020 digitalocean/
    drwxr-xr-x  5 root             mygroup 4096 Dec 30 04:13 scripts/
    fred@fourth:/opt$ sudo chmod 770 scripts
    fred@fourth:/opt$ ll
    total 16
    drwxr-xr-x  4 root             root    4096 Dec 30 04:10 ./
    drwxr-xr-x 19 root             root    4096 Dec  2 20:03 ../
    drwxr-xr-x  4 systemd-coredump root    4096 Sep 26  2020 digitalocean/
    drwxrwx---  5 root             mygroup 4096 Dec 30 04:13 scripts/
    fred@fourth:/opt$

I thought 770 was the right permissions for this situation in terms of inclusion and exclusion. (?) And after changing the group behavior, I'm able to scp as fred to a directory that's owned by root.

I would use crontab.

Ok. I think I've got this lined up to go off at 6 tomorrow morning:

    fred@fourth:/opt/scripts/dev$ crontab -e
    no crontab for fred - using an empty one
    crontab: installing new crontab
    fred@fourth:/opt/scripts/dev$ crontab -l
    # Edit this file to introduce tasks to be run by cron.
    ...snip
    # m h  dom mon dow   command
    0 6 * * * /opt/scripts/dev/2.begin.pl

However, I'm not exactly sure what this script is meant to do -- just check that the environment is clean? How is the output being used? Are you just logging on and looking at the output? Is there going to be a cron job that E-Mails this to you? Are you going to look at the results on a web page? Will the script stop if it's installed in a bad location?

Several questions there.

1. The code to dump the environment is just the stub-out to see what's there. I'll make some comparisons to see if my Begin section is pruning anything away.
2. The output at this point is simply proof that I can do some minimal thing.
3. Output would eventually inform my day.
4. I would like an e-mail out of this. Is there some preferred way to do that?
5. I want weather reports logged so that Template can use the values to display a webpage. I'd also like a couple of useful screenshots and will see if I can use Corion's automated browsers to that end. I'd like to imitate the keystrokes I make almost every time I figure out what dangers to avoid in the mountain west.
6. I'm not sure whether this whole business of checking where the script is by comparing it to a hardcoded string in the Begin section solves any realistic attack. I still don't know what an attacker "looks like" from a perl/unix perspective.

Anyways, I'm pushing close to midnight local, so time for me to celebrate sleep and hope that I wake up to automatic output in the year 2022. Cheers....


In reply to Re^2: creating a secure environment for perl scripts to run by Aldebaran
in thread creating a secure environment for perl scripts to run by Aldebaran
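
Added example, not part of the original post: the chown root:mygroup and chmod 770 steps above decide who can modify the script that cron will run, and this sketch reports that for a script and each of its parent directories. It runs against a constructed temporary tree standing in for /opt/scripts/dev; `audit_path` and `make_demo_tree` are names made up for this example.

```shell
#!/bin/sh
# Added example: walk from a cron-run script up to STOP_DIR and report who,
# besides the owner, can modify each path component.
# Usage: audit_path FILE [STOP_DIR]; exit status = number of world-writable hits.
audit_path() {
    p=$1
    stop=${2:-/}
    findings=0
    while :; do
        # -L follows symlinks; -perm -0002 matches when the "other" write bit is set
        if [ -n "$(find -L "$p" -prune -perm -0002 2>/dev/null)" ]; then
            echo "world-writable: $p"
            findings=$((findings + 1))
        elif [ -n "$(find -L "$p" -prune -perm -0020 2>/dev/null)" ]; then
            # Informational only: every member of this group can change $p
            echo "group-writable: $p (group $(ls -ld "$p" | awk '{print $4}'))"
        fi
        next=$(dirname "$p")
        # Stop at STOP_DIR, or when dirname no longer moves up ("/" or ".")
        if [ "$p" = "$stop" ] || [ "$next" = "$p" ]; then break; fi
        p=$next
    done
    return "$findings"
}

# Constructed stand-in for /opt/scripts/dev/2.begin.pl with the post's 770 mode
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/scripts/dev"
    echo '#!/usr/bin/perl' > "$root/scripts/dev/2.begin.pl"
    chmod 750 "$root/scripts/dev/2.begin.pl"
    chmod 755 "$root/scripts/dev"
    chmod 770 "$root/scripts"
    echo "$root"
}

demo_root=$(make_demo_tree)
if audit_path "$demo_root/scripts/dev/2.begin.pl" "$demo_root"; then
    echo "no world-writable components"
fi
chmod 777 "$demo_root/scripts/dev"   # simulate an over-permissive directory
audit_path "$demo_root/scripts/dev/2.begin.pl" "$demo_root" ||
    echo "world-writable components: $?"
rm -rf "$demo_root"
```

On the real host the equivalent call would be `audit_path /opt/scripts/dev/2.begin.pl`, with `getent group mygroup` showing who the group-writable line refers to.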
