Hi,

First off, this is dangerous - or at least can be. Whatever you do, make sure that you are not passing values to the command line that could be passed to the CGI program without doing some serious checking of the values.

Next is that by default anything executed by a CGI program is going to be run as user nobody (or some rather anonymous and less powerful user). There is good documentation at Apache's web site that can help you set up scripts to run SUID. Basically as whatever user you want. Again this is dangerous - the whole point of a nobody user is that they cannot do as much damage.

Now, it's hard to tell your level of experience from your question, but a few things you should know in general about CGI coding (and even more generally about Perl coding). You want to specify use strict; at the top of your code and use CGI; since this is a CGI program. Using strict forces some good coding habits upon you. Using CGI protects you in other ways - like some basic taint checking from your incoming request.

From here executing system commands is easy if you have the rest of your script working properly. The following (untested) snippet sets up a CGI object then upon receiving a certain value from the user executes a system command:

    #!/usr/bin/perl -w
    use strict;
    use CGI;

    my $q = CGI->new;
    my @result;

    # other stuff happens

    # Default to '' so the comparisons below do not warn under -w
    # when the parameter is missing from the request.
    my $command = $q->param('command');
    $command = '' unless defined $command;

    if ($command eq "command1") {
        # Notice how I pass NOTHING to the
        # system command that was handed to
        # the CGI script.
        @result = `/usr/local/bin/script.sh`;
    }
    elsif ($command eq "command2") {
        # command 2...
    }

    # more stuff happens.

    # Include code to render your html around here
    # then display the result of your system command here:
    print join "<BR>", @result;

    # Close out your html document.

I hope this gets you off on the right foot. Just please approach this carefully - have your external program run by the least privileged user possible, and pass nothing to the command line that you have not sanitized as much as humanly possible. You have much reading to do, but you have a good start if you wander around PerlMonks.org Super Search looking for examples of how to get started.

Good luck,

{NULE}
--
http://www.nule.org


In reply to Re: touching off external processes within perl CGI scripts by {NULE}
in thread touching off external processes within perl CGI scripts by Anonymous Monk
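
The allowlist approach from the post above, carried a little further as an added example (not {NULE}'s code): the request value only selects a fixed argument vector, the script runs under taint mode with a pinned environment, and program output is HTML-escaped before it is printed. The `uptime` entry, its path and the `PATH` value are assumptions for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use CGI;

# Taint mode refuses to run external programs with an inherited PATH,
# so pin it and drop the variables a shell would act on.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Allowlist: request value => fixed argument vector. Nothing from the
# request ever becomes part of a command line. script.sh is the path
# used in the post; the "uptime" entry is hypothetical.
my %ALLOWED = (
    command1 => ['/usr/local/bin/script.sh'],
    uptime   => ['/usr/bin/uptime'],
);

# Return the argv for an allowed name, or an empty list otherwise.
sub argv_for {
    my ($name) = @_;
    return unless defined $name && exists $ALLOWED{$name};
    return @{ $ALLOWED{$name} };
}

# Run a fixed argv through a pipe open and return its output lines.
# The strings are constants with no shell metacharacters, so Perl
# executes the program directly instead of handing a line to a shell.
sub run_fixed {
    my @argv = @_;
    open(my $fh, '-|', @argv) or die "cannot run $argv[0]: $!";
    chomp(my @lines = <$fh>);
    close($fh) or warn "$argv[0] exited with status $?";
    return @lines;
}

my $q    = CGI->new;
my @argv = argv_for(scalar $q->param('command'));

print $q->header(-type => 'text/html', -charset => 'utf-8');
if (@argv) {
    # Escape program output before it goes into the page.
    print join("<br>\n", map { $q->escapeHTML($_) } run_fixed(@argv));
}
else {
    print "Unknown command";
}
```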
