Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 12th November 2009, 20:12
cento_claus cento_claus is offline
Junior Member
 
Join Date: Nov 2009
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default CentOS 5.3 apache sudo "can't set runas group vector"

Hi,

I'm running out of ideas (and of forum threads to try), so here is my problem:
I want to create a web page using perl to configure a router.
The router is going to be used to limit bandwidth to some IPs and also to block some IPs.
I'm using Centos 5.3 which comes with httpd and suexec pre-installed.
The command I want to use are "route add -host ..." and "tc filter ...", these commands can only be run as root.

So far here's what I've been trying:
1. Make suexec executable:
chmod a+x /usr/sbin/suexec
chmod a+s /usr/sbin/suexec

2. Set "user" and "group" to the desired user ("test") in httpd.conf

3. Add my user ("test") to the sudoers:
echo "test ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers

3. Make my perl scripts executable in /var/www/bin-cgi/

4. Start apache
/sbin/service httpd start

Here is my script:

#!/usr/bin/perl -T
use CGI;
use strict;
delete @ENV{qw(IFS CDPATH ENV BASH_ENV PERL5SHELL)};
$ENV{PATH} = "/usr/bin/:/usr/local/bin";

my $query = new CGI;
foreach my $field (sort ($query->param)) {
foreach my $value ($query->param($field)) {
print "$field: $value<br/>";
}
}

my $command = "id";
my $res = qx/$command/;
print "Result Whoami=$res<br/>";

my $ip = $query->param('addressIP');
if ( $ip =~ /^(.*)$/ ) { # to update: to check $ip
$ip = $1;
print "IP = $ip<br/>";
my $command = "/sbin/route add -host $ip reject";
#my $command = "sudo /sbin/route add -host $ip reject";
print "Command: $command<br/>";
my $res = qx/$command/;
print "Result=$res<br/>";"/sbin/route add -host $ip reject"
} else {
print "Sorry, thatís not a valid ip\n";
}

########################################
When running the script, the user is indeed "test", but for some reason, either command "/sbin/route add -host $ip reject" or "sudo /sbin/route add -host $ip reject" won't be executed.

Does anybody know what I'm missing?

Thanks
Reply With Quote
Sponsored Links
  #2  
Old 13th November 2009, 14:40
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: LŁneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,743 Times in 2,577 Posts
 
Default

Have you tried the full path to sudo in your script?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
freebsd 7, samba 3, domain controller alexdimarco Suggest HOWTO 6 5th November 2010 16:54
have the problem with mydns on CentOS 5.3 x86_64 thaibinhtt Installation/Configuration 1 26th May 2009 08:59
FTP cannot open remote folder!?! andysm849 Server Operation 23 16th October 2008 23:34
Can't start apache Musty Server Operation 12 9th March 2008 13:58
ubuntu ispconfig joomla .htaccess steve1084 General 8 6th January 2007 15:55


All times are GMT +2. The time now is 08:11.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.