Home
Web CMS (TeamSite)
upload script on Solaris
cari
Hi,
I am working on an upload script for loading attachments or images through the DCTs using cgi callout. The simple upload program in support of interwoven the (promptFileUpload.ipl/performFileUpload.ipl) does not work on solaris.
I wrote another script which first loaded the loaded the content to /tmp directory and then copied that to the workarea images directory. The load of file to /tmp directory works but the copy of file to the workarea does not work.
Another thing I noticed the uploaded file in /tmp directory had owner "iwui" and group "nobody" even though i used the iw_cgi_wrapper.cgi (I was expecting the file uploaded to have owner as the user logged in).
Teamsite vesrion 6.5
OS: Solaris
Please look into this issue and suggest any solutions.
Thanks
Find more posts tagged with
Comments
Migrateduser
I remember having done something very similar to this before. What if you were to not use the wrapper, but put a sticky bit on the script (owned by some master uid) and chmod the file after it's uploaded? I think I remember that working for me.
Dave
Current Environments:
(1,2) TS 6.5 on W2K3
(3) Vignette V7 Portal on Solaris 9
cari
Hi,
What do you mean by set sticky bit. Is it chown command to change user and group of the file.
Thanks
cari
Migrateduser
CORRECTION: FIsh is right, I was referring to something else when I mentioned sticky bit. That serves a different purpose, but what you want to look at is setuid, which is the chmod instruction mentioned above.
Dave
Current Environments:
(1,2) TS 6.5 on W2K3
(3) Vignette V7 Portal on Solaris 9
Edited by dave on 07/20/05 01:32 PM (server time).
Adam Stoller
It's not the "sticky bit" it's a "setuid" and/or "setgid" bit.
If memory serves it's:
chmod 4755 => setuid
chmod 2775 => setgid
chmod 6775 => setuid & setgid
That's for files
--fish
Senior Consultant, Quotient Inc.
http://www.quotient-inc.com
Adam Stoller
Tch, tch, tch Dave,
If you bothered to google it before posting - you would have found that the sticky bit is 't' not 's' - and it's for making sure that the program stays in memory - not to make it run as a particular user or group.
--fish
Senior Consultant, Quotient Inc.
http://www.quotient-inc.com
Migrateduser
THANKS FISH
I corrected my post above -- sometimes I mix up my terms, but the premise was there. The term was not.
Current Environments:
(1,2) TS 6.5 on W2K3
(3) Vignette V7 Portal on Solaris 9
cari
Hi,
Thanks for replying fast.
In my upload script program, I call an upload.ipl from the DCT and in upload.ipl I call fup.ipl . I have setuid for both upload.ipl and fup.ipl
Now when i call the script upload.ipl, I can bowse to the local directory of my computer and select the file and onSubmit I get an intenal server error and in the error logs I get
Insecure $ENV{PATH} while running setuid at /opt/Interwoven/Teamsite/iw-perl/vendor/lib/TeamSite/Config.pm line 93.
Premature end of script headers: /opt/Interwoven/Teamsite/httpd/iw-bin/fup.ipl
Please suggest.
Thanks
Cari
Adam Stoller
You're running into problems with setuid perl scripts - I suggest you search the web (devnet and beyond) for information on 'taint'.
--fish
Senior Consultant, Quotient Inc.
http://www.quotient-inc.com
awizardly
Unfortunately most posix based systems and perl have some strict requirements about what is allowed to be setuid. Generally perl does taint checking and will cause serious problems when you make a perl script setuid. This is the reason that TeamSite in fact uses a wrapper to run things like cgitasks. The wrapper is a program written in C that does the impersonation for the script itself. I have also found on solaris that it does matter what you set scripts permissions to. They will not allow scripted code to run setuid. Only compiled code.
Lee
Organic Inc
http://www.organic.com
