Discussions
Categories
Groups
Community Home
Categories
INTERNAL ENABLEMENT
POPULAR
THRUST SERVICES & TOOLS
CLOUD EDITIONS
Quick Links
MY LINKS
HELPFUL TIPS
Back to website
Home
Web CMS (TeamSite)
Impersonation?
mk2004
Hi,
I have a sequence of ipls(located in /local/bin/...)executed from a cgi script(located in /iw-bin/) using `$iwhome/local/bin/****.ipl`.
One of these ipls edits the dcr. How should I impersonate when calling this ipl? so that the dcr is shows with user stamp and not root.
Should I move these ipls to the iw-bin directory and use the wrapper or is there a better way to this?
Thanks
Find more posts tagged with
Comments
Johnny
your cgi should be called via the iw_cgi_wrapper.
so long as the cgi is running by the user, any external calls should also be executed by the same user.
John Cuiuli
Dwayne
If they are being run from a CGI, then all you should have to do is to make sure that the CGI is run as that user. That is, instead of using
http://myserver/iw-bin/mycgi.cgi
as your URL, use
http://myserver/iw-bin/iw_cgi_wrapper.cgi/mycgi.cgi
The CGI should now be run as the current user, which means that any child processes will ALSO be run as that user.
--
Current project: TS 5.5.2/6.1 W2K
mk2004
Sorry I quoted wrong earlier.
I am calling the cgi as /iw_cgi_wrapper.cgi/myCGI.cgi. Now in this cgi i am executing an ipl '$iwhome/iw-perl/bin/iwperl $iwhome/local/bin/****.ipl'.
From this ****.ipl a sequence of other ipls are executed. So should I move the ****.ipl to iw-bin folder and run $iwhome/iw-perl/bin/iwperl $iwhome/iw-bin/iw_cgi_wrapper.cgi/****.ipl?
Thanks
Dwayne
If you're running these scripts using
system
or backticks, then it shouldn't matter where they're located. They should run as whatever user the CGI handler is running as.
Unless of course they have the setuid bit turned on. In that case, the code will of course run as whatever user owns the script.
--
Current project: TS 5.5.2/6.1 W2K
Adam Stoller
As an aside -- you'll get better overall performance if you turn those other ipl scripts into modules and make calls to those modules from your CGI script rather then initiating a new shell process to run a new Perl process to run each of those scripts. Although there are some parts which can be debated - if you haven't read
this document
yet - you might check it out.
--fish
Senior Consultant, Quotient Inc.
http://www.quotient-inc.com
