in reply to CGI script cannot create file.

# somewhere in the main part of the script
use CGI qw/ fatalsToBrowser /;
use CGI::Carp;
...
sub WebPassWrite { 
... mumble
    open PAS,"> hf" or die $!;  #Always catch errors!!!
}

[download]

You'll notice I've added the die $!; to your open statement. This eliminates some of the guesswork and worst case will emit to your servers's log files some form of error that you can use to determine what happened.

More commentary: Most web servers (Apache, IPlanet, whatever the hell Microsoft publishes these days) run CGI scripts as a restricted or trivial user. Some common userids under *nix that this happens as are as follows:

In some rare cases (hosting providers for instance) run either a web instance with the userid of the "owner" or CGI as the "owner" or both. In that event make sure your are writing the file to someplace under your home directory.

I am not a big fan of using relative paths when opening a file for writing. There exists a danger that you end up writing the file someplace you don't expect. For instance if you CGI script is running as yourself (rare occasion) but the current working directory the script is running at is somewhere you don't have write access your code is going to bomb.

Lastly... I'm not sure what you are trying to accomplish here. Writing passwords to a file has attendant dangers. Make sure the permission bits on the file are restrictive enough to prevent prying eyes for looking at it. Having a CGI script write those passwords is an even worse idea. Gives hackers something to shoot at.

Peter L. Berghold -- Unix Professional
Peter -at- Berghold -dot- Net; AOL IM redcowdawg Yahoo IM: blue_cowdawg

Replies are listed 'Best First'.
Re^2: CGI script cannot create file.
by Anonymous Monk on Dec 20, 2012 at 03:02 UTC
    First off, thank you all for being so helpful.
    I'm still unsure about how to go about writing a file from a "setup" CGI script. I've tried everything I can find. I think I just don't understand the concept as deeply as I should.

    What I'm trying to accomplish is this:
    A Web setup that writes several files, and asks the user if input for these files. This setup only runs if the files it writes do not currently exist. Its suposed to create the following files:

    hf (My "password" file which as councled by many of you will be changed to store as a salted hash.)

    .Site (this file contains the Site name, the meta tags, and a list of pages belonging to the site)

    Home.Page (An initial .Page file so that the index.pl has something to load.)

    .Menu (a list of pages that should have a link on the main menu)

    The person I'm creating this for is not tech savvy, and wants an extremely easy (Visual) way to update they're website. They are using IPower wich does not allow ssh (At least not for this particular Account) so I do not have the choice of running the scripts as the user. If there is any way to have a perl script login as the user who's home directory it has been copied to, that is what I really need to know.

    Again thank you all for providing me with so much good info. I will defiantly be making use of the Hashing security info. And have already implemented the error checking now.
[reply]
          If there is any way to have a perl script login as the user who's home directory it has been copied to, that is what I really need to know.

      That is entirely out of the purview of Perl. You need to work with the web server administrator to set this up. Since I don't know which web server package is in play here I can't even begin to comment on how this is done and I've administered my share of web servers over the years.

      Peter L. Berghold -- Unix Professional
      Peter -at- Berghold -dot- Net; AOL IM redcowdawg Yahoo IM: blue_cowdawg
[reply]

In Section Seekers of Perl Wisdom