in reply to Re: User Executing my CGI Script
in thread User Executing my CGI Script

The reason I need to be perlnewbie is because I need to set up ssh-keygen on the host server so it does not ask for a password. Therefore, I need to know what user is going to be logging in (and what user the script would be running as). So the connection would go from the server running the CGI script to the remote host using that user.

Re^3: User Executing my CGI Script
by jethro (Monsignor) on Jul 01, 2009 at 00:09 UTC

    I suspect that, whatever you want to do, you have some misconception about how things work with ssh and/or web servers.

    1) You can (maybe) find out who is accessing a web page from the information his browser is sending or from whatever the user is providing on the web page, but accessing that information has nothing to do with the user who is running the web server.

    2) ssh-keygen creates a key pair; the public key of that pair first has to be transported to the remote host before the CGI script can log in without using a password. But that still doesn't mean that the CGI script has to run as a specific user to log in to the remote host as that user. That's what the -l parameter of ssh is for, to log in as any user you want on the other host.

    3) Whoever possesses the secret key of that key pair can log in to the remote user with the public key; it doesn't matter whether he is perlnewbie or nobody.
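
Added example, not part of jethro's reply or any post in this thread: a minimal Perl CGI sketch of points 2 and 3, showing that the local account the script runs as and the remote account chosen with -l are independent, and that what matters is who can read the private key. The key path, host name and remote command are hypothetical placeholders.

```perl
#!/usr/bin/perl
# Added illustration, not code from this thread. The key path, host name
# and remote command are hypothetical placeholders.
use strict;
use warnings;

# Local account the web server runs this script as (e.g. "nobody").
my $local_user = getpwuid($>) // "uid $>";

# Remote account is chosen with -l; it need not match $local_user.
my $remote_user = 'perlnewbie';
my $remote_host = 'remote.example.com';     # assumed host
my $key_file    = '/var/www/.ssh/id_cgi';   # assumed private key path

# Anyone who can read the private key can log in, so refuse to use a key
# that is not owned by this account or is group/world accessible.
my @st = stat($key_file) or fail("cannot stat key file");
fail("key file is not owned by $local_user") unless $st[4] == $>;
fail("key file is group/world accessible")   if $st[2] & 0077;

my @cmd = (
    'ssh',
    '-o', 'BatchMode=yes',        # never prompt for a password; fail instead
    '-o', 'IdentitiesOnly=yes',   # offer only the key named by -i
    '-i', $key_file,
    '-l', $remote_user,
    $remote_host,
    'uptime',                     # fixed command, no request data involved
);

# List-form pipe open: the arguments never pass through a shell.
open(my $ssh, '-|', @cmd) or fail("cannot run ssh");
my $output = do { local $/; <$ssh> } // '';
close($ssh);
my $status = $? >> 8;

print "Content-Type: text/plain\r\n\r\n";
print "local user:  $local_user\n";
print "remote user: $remote_user\@$remote_host\n";
print "ssh exit:    $status\n\n$output";

sub fail {
    my ($msg) = @_;
    print "Status: 500 Internal Server Error\r\n";
    print "Content-Type: text/plain\r\n\r\n$msg\n";
    exit 1;
}
```

Because BatchMode disables interactive prompts, the remote host's key must already be in the local account's known_hosts file or the connection fails.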

Re^3: User Executing my CGI Script
by quester (Vicar) on Jul 01, 2009 at 00:17 UTC
    You most likely want to use
    su -
    su - nobody
    and then run ssh-keygen as nobody. (The initial "su -" is only needed to allow you to "su - nobody" even if the nobody userid doesn't have a password, which is almost always the case. If you aren't the sysadmin, you will need his help for this, of course.)
     
    This is probably much safer in the long run than trying to change the userid that Apache uses; there are a lot of security considerations to setting up an Apache userid without adding security holes to your system. In particular, if you have SELinux installed (typically Red Hat and Fedora will have it by default) there are a lot of rules that are specific to the nobody account. All other things being equal, you probably don't want to expend the effort to have to copy all those rules and then keep them maintained.
      Hi,
      You need to change the username from 'nobody' to some privileged user in the httpd.conf settings.
      Thanks,
      - Raja