sluttysysadmin has asked for the wisdom of the Perl Monks concerning the following question:

Hello, I am writing a perl script which should create a file in /var/named directory. I am using the following line in my script, open FILE, "+>", "/var/named/$domain.db"; The script is creating a file with ".db" extension but not as "domain.db". I am passing the value for the variable $domain from a HTML page. Can anyone please help me to fix this out ? Thanks in advance.

Replies are listed 'Best First'.
Re: Can't create file
by Corion (Patriarch) on Oct 05, 2009 at 15:41 UTC

    In short, what you're doing is a bad, bad idea. You will need to sanitize the $domain input because otherwise, anybody can overwrite any file on your server that your webserver has write permissions to.

    Variables are not magical under Perl CGI, so you best start off by reading CGI when writing a CGI script. You will need to accept the variables from the CGI module and then handle them in your program. But again, you shouldn't modify your system just by accepting input from a web page, even if that page is only accessible from a "secure network".

[reply]
[d/l]
      Hello Corion, I really appreciate your views. I am trying this in my home machine. Can you please help me out with pointing out what is wrong with the code ? I just want to create a zone file. I am learning Perl and do not know much about regex. The below is the entire code which I am using, 
      #!/usr/local/bin/perl

use strict;
use CGI ':standard';
use Cwd;



my $ipaddr = param('ipaddr');
my $domain = param('domain');
my $serial = `/bin/date +"%Y%m%d"00`;


print header(),
start_html('Zone created Successfully'),
"Zone created Successfully",
end_html();


open FILE, "+>", "/var/named/$domain.db";

print FILE "@      86400    IN      SOA     ns1.eth1.in. ilugbelgaum.g
+mail.com. (
                $serial         ; serial, todays date+todays
                86400           ; refresh, seconds
                7200            ; retry, seconds
                3600000         ; expire, seconds
                86400 )         ; minimum, seconds

$domain. 86400 IN NS ns1.eth1.in.
$domain. 86400 IN NS ns2.eth1.in.


$domain. IN A $ipaddr

localhost.$domain. IN A 127.0.0.1

$domain. IN MX 0 $domain.

mail IN CNAME $domain.
www IN CNAME $domain.
ftp IN CNAME $domain.
";

close FILE;

      [download]
      Thanks !
[reply]
[d/l]
Re: Can't create file
by ikegami (Patriarch) on Oct 05, 2009 at 15:42 UTC

    The script is creating a file with ".db" extension but not as "domain.db"

    Then one would think that $domain doesn't contain the string domain.

    I am passing the value for the variable $domain from a HTML page

    One would hope you don't allow values such as "../../etc/passwd\0"

[reply]
[d/l]
[select]
Re: Can't create file
by insaniac (Friar) on Oct 05, 2009 at 15:43 UTC
    How about: 
    open FILE, "+>", "/var/named/$domain.db" 
        or die "Could not open file $domain.db: $!\n";

    [download]
    The variable $! contains the operation system error message, in case something went wrong ;-)

    Secondly, maybe you should check if the variable $domain is defined and has content?

    to ask a question is a moment of shame
    to remain ignorant is a lifelong shame

[reply]
[d/l]
[select]
      Hello insaniac, I made the changes you suggested. It still doesn't work. I can see the following error in the Apache error log. [Mon Oct 05 19:57:18 2009] [error] [client 192.168.2.4] Could not open file test123.com.db: Permission denied, referer: http://192.168.2.99/a.html Any views ?
[reply]
[d/l]
        I think the error message is pretty clear; Permission denied!!!

        So, you slutty sysadmin, fix the permissions on that directory or file! (i'm guessing that your Apache user doesn't have write permission there)

        to ask a question is a moment of shame
        to remain ignorant is a lifelong shame

[reply]

Back to Seekers of Perl Wisdom