How do you pass authentication on the command line?
Alex Rice
alex at mindlube.com
Fri Feb 6 16:06:45 EST 2004
On Feb 6, 2004, at 1:19 PM, Ken Ray wrote:
>> chmod a+x some-script.mc
>> chmod +s some-script.mc
>>
>> Now some-script.mc should run as "ken", even if the web server is
>> running the script as the user "www".
>
> That worked really well, Alex...
Glad it worked! Apache suExec would be a better solution though.
Be warned that suid scripts are convenient, but can be dangerous on a
multiuser system. If you don't trust everyone who has shell accounts on
your machine, beware! It you trust them, or there aren't any then it
should be fine. See
<http://www.pi.infn.it/html/cgisecdef.html#auto_7.5>
<http://www.w3.org/Security/Faq/wwwsf4.html#CGI-Q20>
There is utility called CGIWrap which is just a tiny suid C program to
launch your shell script- which avoids various security problems with
suid scripts.
> I was able to do this via Terminal and
> everything works fine now. Now I noticed that this was using bash and
> not tcsh; Panther automatically used bash in Terminal, but Jaguar was
> using tcsh and I had to run bash separately before I could apply your
> changes above.
I think Jaguar did not ship with bash installed. Can't remember for
sure. In Panther bash is the default shell.
I guess tcsh must put some limits on suid bit setting, probably
relating to the security issues I mentioned.
> So two questions:
>
> 1) If I were to want to run the script above from Rev, how would I
> concatenate multiple commands in a single shell()?
Use semicolon to separate commands
chmod a+x some-script.mc ; chmod +s some-script.mc
Or if you want to run the 2nd script only if the 1st succeeds use an
AND operator &&:
chmod a+x some-script.mc && chmod +s some-script.mc
> 2) If the OS is currently running tcsh, how would I add invoking bash
> before the script lines above using shell()?
set the shellCommand to "/bin/bash" -- or wherever
On Panther, /bin/sh is the same as /bin/bash
Try put shell("env") to see what shell is running, and other
environment variables.
If you didn't want to change the shellCommand, you could do it like on
the command line like
/bin/bash -c "commands here"
But using the shellCommand seems easier.
--
Alex Rice | Mindlube Software | http://mindlube.com
More information about the use-livecode
mailing list