root perl script permissions

[alfie002]

Dear all,

I have created a perl script to run on a solaris platform. When the script runs, it calls the /usr/sbin/ping command to carry out connectivity checks to other devices.

The script is set to run with a custom user account/group. The file permissions are set for this script and these work fine. However, when I run the script and it attempts to run the /usr/sbin/ping command it falls over stating that only the root user may run this command.

Using the same user account I can run the ping command no problem. The script should run as the custom user using a crontab entry, however I have to run it using the root crontab. This is something that I don't want to do. I want to ringfence the script to the custom user account that I have created.

Any ideas why when running the script using the custom user account it's doesn't have permissions to run the /usr/sbin/ping command.

I have checked the permissions on the ping command and they are root/bin. I know that I could make the customuser part of the bin group, but what I don't understand is that I can run the ping command manually on the command with the custom user account, but when I execute the same script from the custom user account crontab, it fails on the permissions issue.

I appreciate that is is difficult to answer this type of question blindly but any help would be greatly appreciated.

Thanks and regards

Alf

 

[Mike042]

Please check the permissions of /usr/sbin/ping (not the ownership). They should be: r-sr-xr-x

Can you run the script manually whilst the current working directory is /tmp. Please post the actual error(s).

Thanks.

Mike

 

[mbrooks]

I assume that you are performing a system() call from within your perl script. Use the Net:ing module instead.

http://search.cpan.org/~bbb/Net-Ping-2.31/lib/Net/Ping.pm

M. Brooks

http://mbrooks.info

 

[alfie002]

Hello Mike042 and Mbrooks,

thanks for the posts.

Mike042, I will check the permissions and run from the /tmp directory. Post to follow...

Mbrooks,

I am using the Net:ing module, copy of the code posted below:

sub server_check {
$server_alive = 0;
$check_ip = Net:ing->new("icmp");
if ($check_ip->ping($data_servers,10)) {
print LogFile "Server_UP: $data_servers responding at $CurrentTime for log transfer\n";
#print "$data_servers is alive.\n" ;
$server_alive = 0;
}
else {
system_logger("Server_DOWN: $log_data_servers NOT responding at $CurrentTime for log transfer");
print LogFile "Server_DOWN: $log_data_servers NOT responding at $CurrentTime for log transfer\n";
}
$check_ip->close();

}

The code works ok whether I run it as root or the custom user, when run as the custom user, it cannot access the ping binary.

Thanks to date.

Alf

 

[Annihilannic]

Are you sure it's permissions and not PATH related? /usr/sbin is not normally in the PATH for jobs run from cron.

Annihilannic.

 

[alfie002]

Annililannic,

are you saying the PATH environment variable should include /usr/bin ?

Still this won't explaing why I can run the ping command with the custom user at the command line, yet not using the script !!!!

Thanks

 

[Annihilannic]

Ignore my original advice, it looks like Net:ing implements the ping itself, it doesn't appear to call the [b/usr/sbin/ping[/b] binary. In your original post you said "it attempts to run the /usr/sbin/ping command it falls over", however when I tested similar code I get:

[tt]$ /tmp/testping
icmp ping requires root privilege at /tmp/testping line 8
$[/tt]

So the restriction seems to be applied within the Perl code, and isn't related to the ping binary.

One option would be to setuid root the perl script, if you trust it, or use sudo to run it.



Annihilannic.