cc has asked for the wisdom of the Perl Monks concerning the following question:

hi

I've written this perl script:
#!/usr/bin/perl -w

use CGI::Carp qw(fatalsToBrowser);
use CGI;
my $query = new CGI;

# write the log
BEGIN {
    use CGI::Carp qw(carpout);
    my $errorlog = "/var/tmp/errorlog.txt";
    open(LOG, ">$errorlog") or die("Unable to open $errorlog: $!\n");
    print LOG "Errors:\n";
    carpout(*LOG);
}

print $query->header;
print "<html>\n";
print "<head>\n";
print "<title>ntop startup script</title>\n";
print "<STYLE TYPE='text/css'>\n";
print "h3 { color: red }\n";
print "a { text-decoration: none; font: bold 14pt/16pt Ariel, serif }";
print "a:hover { color: red } /* when mouse is over link */";
print "</style>\n";
print "</head>\n";
print "<body bgcolor='#c0c0d0'>\n";
print "<center>";
print "<p><br></p>";
print "<p><br></p>";

`sudo sh /usr/local/www/cgi-bin/ntop/ntop.sh stop` or die "cannot stop ntop: $!";
sleep(8);
$cc = `sudo sh /usr/local/www/cgi-bin/ntop/ntop.sh start` or die "cannot start ntop: $!";
print "Status: ",$cc,"\n";
print "</body>";
print "</html>";
exit($cc);

this script should execute the shell startup script,
but it won't work.

from command line I get following error:
# perl ntop4.cgi
Content-Type: text/html; charset=ISO-8859-1

<html>
<head>
<title>ntop startup script</title>
<STYLE TYPE='text/css'>
h3 { color: red }
a { text-decoration: none; font: bold 14pt/16pt Ariel, serif }a:hover { color: red } /* when mouse is over link */</style>
</head>
<body bgcolor='#c0c0d0'>
<center><p><br></p><p><br></p><h1>Software error:</h1>
<pre>cannot stop ntop: No such file or directory at ntop4.cgi line 32.
</pre>
<p>
For help, please send mail to this site's webmaster, giving this error message and the time and date of the error.
</p>

I really don't understand, what's wrong.
the paths are correct and files are executable.

kind regards
cc

Replies are listed 'Best First'.
Re: perl script using sudo
by Nkuvu (Priest) on Jul 23, 2005 at 16:44 UTC
    sudo requires a password, unless you explicitly set it up in the sudoers file not to. My first guess is that when the script runs it doesn't feed a password to sudo (that's more than a guess, I can see that the script doesn't) so the command fails. The guess part is that the call to sudo will either time out or go away when called from within Perl.

    In addition I see future problems when you try to run this as a CGI program. The user that Apache runs under (guessing that you're using Apache as it looks like you're on a *n*x environment) doesn't have permission to run sudo at all.

    I don't see this as a Perl or permissions error -- at least, not a file permissions error. First, I would ensure that the ntop shell script has the proper shebang line, and set it to be executable. Then I'd go over it with a fine tooth comb and see if it's secure. Then ask some others to take a look at it to be sure. When you're sure it doesn't have any security holes, you can set it up to run under sudo without a password in the sudoers file. Or find a different way to do what it is that you're doing.

Re: perl script using sudo
by Crackers2 (Parson) on Jul 23, 2005 at 22:44 UTC

    I think the sh in the sudo call is the problem. You probably want to change your sudo line to
    `sudo /usr/local/www/cgi-bin/ntop/ntop.sh stop` or die "cannot stop ntop: $!";

    That's the way you seem to have tried it from the command line in one of your later replies, so that's the way you should call it from your script as well. If the way you have it in your script right now would work (with a non-absolute path to sh) you'd give full root access to the user since they can rename whatever program they want to sh and execute it as root.

Re: perl script using sudo
by gam3 (Curate) on Jul 23, 2005 at 16:16 UTC
    The problem could be in ntop.sh (PATH is different under CGI).

    Otherwise I would say it must be a permissions problem.

    -- gam3
    A picture is worth a thousand words, but takes 200K.

Re: perl script using sudo
by halley (Prior) on Jul 23, 2005 at 21:32 UTC
    Also, you should use system(), not backticks or qx//, unless you're trying to collect all of the stdout results of a command. Backticks are not just a convenient syntactic equivalent of system() calls. The evaluated value from backticks is a string. The function call returns an integer from which you can decide success or failure directly.

    --
    [ e d @ h a l l e y . c c ]
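
Added example, not code from any poster in this thread: it follows up the replies above on PATH under CGI, on dropping `sh` from the sudo call, and on system() versus backticks. It shows that a command which prints nothing (as `ntop.sh stop` does when killall finds no process) makes a backtick call followed by `or die` fire, while list-form system() reports the real exit status. The `run_checked` helper, the stand-in shell command, the sudo location and the sudoers rule in the closing comment are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Under CGI the inherited environment differs from a login shell: pin it.
$ENV{PATH} = '/sbin:/bin:/usr/sbin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Run a command given as a list (no shell parses it) and decode $?.
# Returns (ok, description).
sub run_checked {
    my @cmd = @_;
    my $rc = system { $cmd[0] } @cmd;
    return (0, "could not execute $cmd[0]: $!") if $rc == -1;
    return (0, sprintf('killed by signal %d', $? & 127)) if $? & 127;
    my $exit = $? >> 8;
    return ($exit == 0 ? 1 : 0, "exit status $exit");
}

# Constructed stand-in for "ntop.sh stop" when no ntop process exists:
# killall fails, so nothing is printed, and the script still exits 0.
my $quiet = 'false && echo ntop; exit 0';

# Backticks return captured stdout. The empty string is false in Perl, so
# "`cmd` or die" fires even though the command ran, and $! is stale.
my $out = `/bin/sh -c '$quiet'`;
printf "backticks: output is %s, exit status %d\n",
    ($out ? 'true' : 'false'), $? >> 8;

# system() reports the same run through its exit status instead.
my ($ok, $why) = run_checked('/bin/sh', '-c', $quiet);
print "system:    ", ($ok ? 'success' : 'failure'), " ($why)\n";

# A real failure (the usage branch of ntop.sh exits 64) is caught as well.
($ok, $why) = run_checked('/bin/sh', '-c', 'exit 64');
print "system:    ", ($ok ? 'success' : 'failure'), " ($why)\n";

# In the CGI the call would then be (assumptions: sudo lives in
# /usr/local/bin, and sudoers holds a rule limited to these two commands):
#   www ALL=(root) NOPASSWD: /usr/local/www/cgi-bin/ntop/ntop.sh stop, \
#                            /usr/local/www/cgi-bin/ntop/ntop.sh start
#   run_checked('/usr/local/bin/sudo', '-n',
#               '/usr/local/www/cgi-bin/ntop/ntop.sh', 'stop');
```

A passwordless sudoers rule for a script is only as safe as the script file: it should be owned by root and not writable by the www user.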

      I have freeBSD 5.4 and using Apache2.0.54

      in sudoers www user is allowed to run ntop.sh script

      I can run sudo as www user from command line without any password :
      # sudo -u www sudo /usr/local/www/cgi-bin/ntop/ntop.sh stop
      ntopbsd# sudo -u www sudo /usr/local/www/cgi-bin/ntop/ntop.sh start
      ntopbsd# ps aux | grep ntop
      root 2904 0.0 20.5 30424 25136 ?? Rs 12:14AM 0:00.05 /usr/local/bin/ntop -d -L --set-pcap-nonblocking --skip-versi
      root 2906 0.0 0.2 352 208 p2 R+ 12:14AM 0:00.00 grep ntop

      ntop.sh looks:
      #!/bin/sh
      #----------------------------------------------------------------------
      # The following variables may be changed
      #
      # Network interface(s) to be monitored;
      # may be blank, or comma-separated list
      interfaces=''

      # User to run ntop as; leave blank for root
      userid='nobody'

      # [IP:]port for serving HTTP; set to '0' to disable
      http_port='0'

      # [IP:]port for serving HTTPS; set to '0' to disable
      # The certificate is /usr/local/etc/ntop/ntop-cert.pem
      https_port='10.41.3.77:3001'

      # Directory for ntop.access.log
      logdir='/var/log'

      # Specify any additional arguments here - see ntop(8)
      additional_args=''
      #
      # End of user-configurable variables
      #----------------------------------------------------------------------

      args='-d -L --set-pcap-nonblocking --skip-version-check'

      [ ! -z $interfaces ] && args="$args -i $interfaces"
      [ ! -z $http_port ] && args="$args -w $http_port"
      [ ! -z $https_port ] && args="$args -W $https_port"
      [ ! -z $logdir ] && args="$args -a ${logdir}/ntop.access.log"
      [ ! -z $userid ] && args="$args -u $userid"
      [ ! -z "$additional_args" ] && args="$args $additional_args"

      case "$1" in
      start)
        # is it the first time we run ntop
        [ ! -e /var/db/ntop/ntop_pw.db ] && {
          # just in case...
          [ ! -d /var/db/ntop ] && {
            echo "Reinstalling database directory"
            mkdir -p /var/db/ntop
            chown -R $userid:$userid /var/db/ntop
          }
          /usr/local/bin/ntop -u $userid -A || exit 1
          echo "Now we can start ntop!"
        }
        if [ -d $logdir ]; then
          touch ${logdir}/ntop.access.log
          chown $userid ${logdir}/ntop.access.log
        fi
        if [ -x /usr/local/bin/ntop ]; then
          /usr/local/bin/ntop $args > /dev/null 2>&1 &
          echo -n ' ntop'
        fi
        ;;
      stop)
        killall ntop > /dev/null 2>&1 && echo -n ' ntop'
        ;;
      *)
        echo "Usage: `basename $0` {start|stop}" >&2
        exit 64
        ;;
      esac
      exit 0

      I should be able to execute my perl script from command line without errors.

      greetings
      cc
        When you run the script from a normal prompt, you're running it as your normal user account, not www. So I would think that it's still the sudo requiring password issue. Either run the script from the command line using sudo -u www (something like: sudo -u www perl /path/to/perl/script.cgi) or add your normal account to the sudoers file.