in reply to Re: perl script using sudo
in thread perl script using sudo

I have FreeBSD 5.4 and am using Apache 2.0.54.

In sudoers, the www user is allowed to run the ntop.sh script.

I can run sudo as the www user from the command line without any password:

    # sudo -u www sudo /usr/local/www/cgi-bin/ntop/ntop.sh stop
    ntopbsd# sudo -u www sudo /usr/local/www/cgi-bin/ntop/ntop.sh start
    ntopbsd# ps aux | grep ntop
    root 2904 0.0 20.5 30424 25136 ?? Rs 12:14AM 0:00.05 /usr/local/bin/ntop -d -L --set-pcap-nonblocking --skip-versi
    root 2906 0.0 0.2 352 208 p2 R+ 12:14AM 0:00.00 grep ntop

ntop.sh looks like this:

    #!/bin/sh
    #----------------------------------------------------------------------
    # The following variables may be changed
    #
    # Network interface(s) to be monitored;
    # may be blank, or comma-separated list
    interfaces=''

    # User to run ntop as; leave blank for root
    userid='nobody'

    # [IP:]port for serving HTTP; set to '0' to disable
    http_port='0'

    # [IP:]port for serving HTTPS; set to '0' to disable
    # The certificate is /usr/local/etc/ntop/ntop-cert.pem
    https_port='10.41.3.77:3001'

    # Directory for ntop.access.log
    logdir='/var/log'

    # Specify any additional arguments here - see ntop(8)
    additional_args=''
    #
    # End of user-configurable variables
    #----------------------------------------------------------------------

    args='-d -L --set-pcap-nonblocking --skip-version-check'

    [ ! -z $interfaces ] && args="$args -i $interfaces"
    [ ! -z $http_port ] && args="$args -w $http_port"
    [ ! -z $https_port ] && args="$args -W $https_port"
    [ ! -z $logdir ] && args="$args -a ${logdir}/ntop.access.log"
    [ ! -z $userid ] && args="$args -u $userid"
    [ ! -z "$additional_args" ] && args="$args $additional_args"

    case "$1" in
    start)
        # is it the first time we run ntop
        [ ! -e /var/db/ntop/ntop_pw.db ] && {
            # just in case...
            [ ! -d /var/db/ntop ] && {
                echo "Reinstalling database directory"
                mkdir -p /var/db/ntop
                chown -R $userid:$userid /var/db/ntop
            }
            /usr/local/bin/ntop -u $userid -A || exit 1
            echo "Now we can start ntop!"
        }
        if [ -d $logdir ]; then
            touch ${logdir}/ntop.access.log
            chown $userid ${logdir}/ntop.access.log
        fi
        if [ -x /usr/local/bin/ntop ]; then
            /usr/local/bin/ntop $args > /dev/null 2>&1 &
            echo -n ' ntop'
        fi
        ;;
    stop)
        killall ntop > /dev/null 2>&1 && echo -n ' ntop'
        ;;
    *)
        echo "Usage: `basename $0` {start|stop}" >&2
        exit 64
        ;;
    esac

    exit 0

I should be able to execute my perl script from the command line without errors.

greetings
cc

Re^3: perl script using sudo
by Nkuvu (Priest) on Jul 23, 2005 at 23:22 UTC
    When you run the script from a normal prompt, you're running it as your normal user account, not www. So I would think that it's still the sudo requiring password issue. Either run the script from the command line using sudo -u www (something like: sudo -u www perl /path/to/perl/script.cgi) or add your normal account to the sudoers file.
      I solved this problem.

      This Perl code does its job very well:

          system `/usr/local/www/cgi-bin/ntop/ntop.sh stop` or die "cannot stop ntop: $!";
          sleep(8);
          $cc = `sudo /usr/local/www/cgi-bin/ntop/ntop.sh start` or die "cannot start ntop: $!";
          print "status:</font> ",$cc,"\n";


      Now I can stop and start ntop via the browser!

      greetings
      cc
        You're still using backticks. You know, the little ` ` marks? And now you're using backticks and then calling system() with the RESULTS of the backticks. Er, hello?!

            my $val = system("/usr/local/www/cgi-bin/ntop/ntop.sh stop");
            die "command got results of $val" if $val != 0;

        Use regular strings to describe your command, and give that as an argument to the system() function. That runs a command. It returns a NUMBER result, such as 0 for success. As mentioned before, backticks return a STRING of the program's output, which is a silly way to check for basic success in most cases.

        --
        [ e d @ h a l l e y . c c ]
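
The system()-versus-backticks distinction discussed in this thread, as an added example that is not code from any of the posters: it runs a command in list form so no shell parses the arguments, which matters for a CGI script allowed to call sudo, and decodes $? into exit status, signal, or exec failure. The helper names run_checked and capture_checked are hypothetical, and the /bin/sh commands are constructed stand-ins for the ntop.sh call.

```perl
#!/usr/bin/perl
use strict;
use warnings;
no warnings 'exec';                  # exec failures are reported by our own code below

local $ENV{PATH} = '/bin:/usr/bin';  # fixed PATH; do not inherit the web server's

# Run a command without a shell and decode the result. Returns (ok, message).
sub run_checked {
    my @cmd = @_;
    my $rc = system { $cmd[0] } @cmd;   # block form: never goes through /bin/sh
    return (0, "failed to execute $cmd[0]: $!") if $rc == -1;
    return (0, sprintf('%s died from signal %d', $cmd[0], $? & 127)) if $? & 127;
    my $exit = $? >> 8;
    return ($exit == 0 ? 1 : 0, "$cmd[0] exited with status $exit");
}

# Capture output (what the backticks were used for), still without a shell.
# Returns (ok, message, output).
sub capture_checked {
    my @cmd = @_;
    open(my $fh, '-|', @cmd) or return (0, "cannot start $cmd[0]: $!", '');
    my $out = do { local $/; <$fh> };
    $out = '' unless defined $out;
    my $closed = close($fh);            # close() on a pipe waits and sets $?
    return ($closed ? 1 : 0, "$cmd[0] exited with status " . ($? >> 8), $out);
}

# Constructed stand-ins so this runs anywhere; in the thread's setup the command
# would be ('sudo', '/usr/local/www/cgi-bin/ntop/ntop.sh', 'stop').
for my $cmd (
    [ '/bin/sh', '-c', 'exit 0' ],          # success
    [ '/bin/sh', '-c', 'exit 64' ],         # the status ntop.sh uses for bad usage
    [ '/bin/sh', '-c', 'kill -TERM $$' ],   # child killed by a signal
    [ '/nonexistent/ntop.sh', 'stop' ],     # command cannot be executed at all
) {
    my ($ok, $msg) = run_checked(@$cmd);
    print(($ok ? 'OK   ' : 'FAIL '), $msg, "\n");
}

my ($ok, $msg, $out) = capture_checked('/bin/sh', '-c', "printf ' ntop'");
print(($ok ? 'OK   ' : 'FAIL '), "captured [$out] ($msg)\n");
```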