in reply to perl script using sudo

Also, you should use system(), not backticks or qx//, unless you're trying to collect all of the stdout results of a command. Backticks are not just a convenient syntactic equivalent of system() calls. The evaluated value from backticks is a string. The function call returns an integer from which you can decide success or failure directly.

--
[ e d @ h a l l e y . c c ]

Replies are listed 'Best First'.
Re^2: perl script using sudo
by cc (Beadle) on Jul 23, 2005 at 22:30 UTC
    I have freeBSD 5.4 and using Apache2.0.54

    in sudoers www user is allowed to run ntop.sh script

    I can run sudo as www user from command line without any password :
    # sudo -u www sudo /usr/local/www/cgi-bin/ntop/ntop.sh stop
 ntopbsd# sudo -u www sudo /usr/local/www/cgi-bin/ntop/ntop.sh start
 ntopbsd# ps aux | grep ntop
root     2904  0.0 20.5 30424 25136  ??  Rs   12:14AM   0:00.05 /usr/l
+ocal/bin/ntop -d -L --set-pcap-nonblocking --skip-versi
root     2906  0.0  0.2   352   208  p2  R+   12:14AM   0:00.00 grep n
+top

    [download]
    ntop.sh looks:
    #!/bin/sh

#---------------------------------------------------------------------
+-
# The following variables may be changed
#

# Network interface(s) to be monitored;
# may be blank, or comma-separated list
interfaces=''

# User to run ntop as; leave blank for root
userid='nobody'

# [IP:]port for serving HTTP; set to '0' to disable
http_port='0'

# [IP:]port for serving HTTPS; set to '0' to disable
# The certificate is /usr/local/etc/ntop/ntop-cert.pem
https_port='10.41.3.77:3001'

# Directory for ntop.access.log
logdir='/var/log'

# Specify any additional arguments here - see ntop(8)
additional_args=''

#
# End of user-configurable variables
#---------------------------------------------------------------------
+-

args='-d -L --set-pcap-nonblocking --skip-version-check'

[ ! -z $interfaces ] && args="$args -i $interfaces"
[ ! -z $http_port ] && args="$args -w $http_port"
[ ! -z $https_port ] && args="$args -W $https_port"
[ ! -z $logdir ] && args="$args -a ${logdir}/ntop.access.log"
[ ! -z $userid ] && args="$args -u $userid"
[ ! -z "$additional_args" ] && args="$args $additional_args"

case "$1" in
start)
  # is it the first time we run ntop
  [ ! -e /var/db/ntop/ntop_pw.db ] && {
    # just in case...
    [ ! -d  /var/db/ntop ] && {
        echo "Reinstalling database directory"
        mkdir -p  /var/db/ntop
        chown -R $userid:$userid  /var/db/ntop
    }
    /usr/local/bin/ntop -u $userid -A || exit 1
    echo "Now we can start ntop!"
  }
  if [ -d $logdir ]; then
    touch ${logdir}/ntop.access.log
    chown $userid ${logdir}/ntop.access.log
  fi
  if [ -x /usr/local/bin/ntop ]; then
    /usr/local/bin/ntop $args > /dev/null 2>&1 &
    echo -n ' ntop'
  fi
  ;;
stop)
  killall ntop > /dev/null 2>&1 && echo -n ' ntop'
  ;;
*)
  echo "Usage: `basename $0` {start|stop}" >&2
  exit 64
  ;;
esac

exit 0

    [download]

    I should be able to execute my perl script from command line without errors.

    greetings
    cc
[reply]
[d/l]
[select]
      When you run the script from a normal prompt, you're running it as your normal user account, not www. So I would think that it's still the sudo requiring password issue. Either run the script from the command line using sudo -u www (something like: sudo -u www perl /path/to/perl/script.cgi) or add your normal account to the sudoers file.
[reply]
[d/l]
[select]
        I solved this problem

        this perl code does his job very well:
        
system `/usr/local/www/cgi-bin/ntop/ntop.sh stop` or die "cannot stop 
+ntop: $!";
sleep(8);
$cc = `sudo /usr/local/www/cgi-bin/ntop/ntop.sh start` or die "cannot 
+start ntop: $!";
print "status:</font> ",$cc,"\n";

        [download]


        Now I can stop and start ntop via browser !

        greetings
        cc
[reply]
[d/l]

In Section Seekers of Perl Wisdom