Home > Archive > PERL Beginners > March 2005 > suidperl.
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| Rod Za 2005-03-25, 8:55 pm |
| Hello all.
I'm trying to make changes in a file (smb.conf) that is owner by root (chmod=644). I'm using the
Config::IniFiles module to do the work and the script run as 'lp' user.
This is a piece of code:
<code>
if($self->{config}{AUTO_SMB_PRINTER}){
$self->log_it('DEBUG',"(D): Auto SAMBA printer on.");
my $smb_cfg = new Config::IniFiles( -file => '/etc/samba/smb.conf');
if (!$smb_cfg){
$self->log_it('DEBUG',"(D) Error on open '/etc/samba/smb.conf'");
$self-> log_it('DEBUG',Dumper(@Config::IniFiles:
:errors));
}
if(!$smb_cfg->SectionExists("$self->{printer}")){
$smb_cfg->AddSection($self->{printer});
$smb_cfg->newval($self->{printer},'comment','Auto printer');
$smb_cfg->newval($self->{printer},'path','/var/tmp');
$smb_cfg->newval($self->{printer},'printable','yes');
$smb_cfg->newval($self->{printer},'browseable','yes');
$smb_cfg->newval($self->{printer},'guest ok','yes');
$smb_cfg->newval($self->{printer},'public','yes');
if($smb_cfg->WriteConfig('/etc/samba/smb.conf')){
$self->log_it('DEBUG',"(D): - Auto SAMBA printer OK.");
} else {
$self->log_it('ERR',"(E): - Error on Auto SAMBA printer: $!");
}
} else {
$self->log_it('DEBUG',"The printer exists.");
}
} else {
$self->log_it('DEBUG',"Auto SAMBA printer off.");
}
</code>
This doesnt works becouse the owner of the file is 'root'. How can i solve this? using suidperl?
thank you very much
Rodrigo
________________________________________
__________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
| |
| Jonathan Paton 2005-03-27, 8:55 am |
| > This doesnt works becouse the owner of the file is 'root'. How can i solve
> this? using suidperl?
Little information, so I make assumptions:
* You have root access - otherwise suidperl isn't going to help.
* You need to modify smb.conf from a non-root account.
* Using the existing samba web administration interface is not
possible - even if automated.
I would consider changing the group of smb.conf to say "lp", then the
permissions to 664. That would probably be better than any suid
program.
Jonathan Paton
--
#!perl
$J=' 'x25 ;for (qq< 1+10 9+14 5-10 50-9 7+13 2-18 6+13
17+6 02+1 2-10 00+4 00+8 3-13 3+12 01-5 2-10 01+1 03+4
00+4 00+8 1-21 01+1 00+5 01-7 >=~/ \S\S \S\S /gx) {m/(
\d+) (.+) /x,, vec$ J,$p +=$2 ,8,= $c+= +$1} warn $J,,
| |
| Jonathan Paton 2005-03-27, 8:55 pm |
| > ...
>
> Yes, i got the root access and need to modify the
> smb.conf from a non-root account.
>
>
> This is true, because i'm making a script to create
> new printers automagically in the samba: when
> you install a new CUPS printer, the script create
> this printer in smb.conf.
Interesting... it stuck me that perhaps someone had already
come up with a solution:
http://www.linuxprinting.org/kpfeif...-Chapter-7.html
as a result of searching for "CUPS Samba" on google. It is
amazing what google can find.
>
> Yes, i had consider this option too, maybe this can be the better
> solution, but what do you say about a C wrapper?
Depends on your knowledge of C security issues.
A carefully written C wrapper is going to be more secure than a
carefully written Perl script.
Jonathan Paton
--
#!perl
$J=' 'x25 ;for (qq< 1+10 9+14 5-10 50-9 7+13 2-18 6+13
17+6 02+1 2-10 00+4 00+8 3-13 3+12 01-5 2-10 01+1 03+4
00+4 00+8 1-21 01+1 00+5 01-7 >=~/ \S\S \S\S /gx) {m/(
\d+) (.+) /x,, vec$ J,$p +=$2 ,8,= $c+= +$1} warn $J,,
|
|
|
|
|