[7738] in Perl-Users-Digest
Perl-Users Digest, Issue: 1363 Volume: 8
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Mon Nov 24 20:07:14 1997
Date: Mon, 24 Nov 97 17:00:23 -0800
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Perl-Users Digest Mon, 24 Nov 1997 Volume: 8 Number: 1363
Today's topics:
Re: Convert an array to hash? <stevem@ny.ubs.com>
Re: Cron (Jeremy D. Zawodny)
Cross-platform user-interface commands <pr1@club-internet.fr>
Re: Finding the longest common prefix over a list of st <markm@nortel.ca>
Re: Finding the longest common prefix over a list of st (Tushar Samant)
Re: Help grep! (Ryujiy)
Re: Help grep! (Ryuji Yokoyama)
How secure is Perl for Win32 under IIS 3.0 and WinNT4.0 (Myrddin)
Re: How to execute CGI script written in perl on NT ser (Jonathan Feinberg)
Re: How to: push (condition ? @this : @that),$value; (Toutatis)
Re: interpreted languages <dima@duti515a.twi.tudelft.nl>
Re: maintain unique elements in an array? no duplicates (Andrew M. Langmead)
multi line pattern matchin <leichtl@mro.dec.com>
Re: Newbie having RE problems. (Jonathan Feinberg)
Perl for DOS or 16 Windows (Robert Brody)
Re: ref to typeglob and filehandles (Charles DeRykus)
Re: Safe use of flock() -- was Re: giving up on flock <markm@nortel.ca>
Re: security questions <bruno@prior.ftech.co.uk>
Re: security questions <jamesr@aethos.co.uk.nospam>
Digest Administrivia (Last modified: 8 Mar 97) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Mon, 24 Nov 1997 11:29:13 -0500
From: Stephen Miano <stevem@ny.ubs.com>
Subject: Re: Convert an array to hash?
Message-Id: <3479AB59.1263D810@ny.ubs.com>
grep($hash{$_}++, @Array);
designky wrote:
I am wondering is there an easy way to convert an array to hash with the array
> values be the keys, and assign 1's to the hash values.
>
> what i really want is to do this:
> %hash = split(/ /,$line)
> is there an easy to split and put in a hash?
>
> -----------------------------------------------------------------------------
> Kang Soon Lai skang_at_nori.lips.net | "If there is any religion that would
> http://www.tisl.ukans.edu/~skang/ | cope with modern scientific needs
> (913) 385 5481 | it would be Buddhism."
> Software Engineer | --Albert Einstein
--
------------------------------------------------------------
Stephen G. Miano 212-821-6028
stevem@ny.ubs.com
stevem@esm.com
------------------------------
Date: Sun, 23 Nov 1997 22:16:16 GMT
From: jzawodn@wcnet.org (Jeremy D. Zawodny)
Subject: Re: Cron
Message-Id: <3478ab1c.166323290@woody.wcnet.org>
[original author automagically cc'd via e-mail]
On Sun, 23 Nov 1997 14:39:41 -0600, Todd Smith
<nospam.tbsmith@mindspring.com> wrote:
>Can someone tell me what this is, how to use it, and where to get it?
Cron?
Try 'man cron' at Unix shell prompt.
Jeremy
--
Jeremy D. Zawodny jzawodn@wcnet.org
Web Server Administrator www@wcnet.org
Wood County Free Net (Ohio) http://www.wcnet.org/
------------------------------
Date: Mon, 24 Nov 1997 15:03:15 +0200
From: Philippe de Rochambeau <pr1@club-internet.fr>
Subject: Cross-platform user-interface commands
Message-Id: <34797B11.DDDE73C4@club-internet.fr>
Does anyone know if Larry Wall plans to release cross-platform user-interface
commands for Perl any time in the near future?
Philippe de R.
------------------------------
Date: 23 Nov 1997 16:58:24 -0500
From: Mark Mielke <markm@nortel.ca>
Subject: Re: Finding the longest common prefix over a list of strings
Message-Id: <lq17m9zxofz.fsf@bmers2e5.nortel.ca>
abigail@fnx.com (Abigail) writes:
> Tushar Samant (scribble@shoga.wwa.com) wrote on 1545 September 1993 in
> ++ >Perl's regex is *still* faster than Ilya's algorithm though, but only
> ++ >by a few percent.
> Let's analyze it a bit further, before we drop to conclusions, shall we?
> ++ >So, now there's a different question. Given the fact that this new
> ++ >algorithm is just about as fast as the regex approach, which would you
> ++ >rather use/maintain? Here's the regex again:
> ++ > (join(',', @words).',') =~ /^(\w*)\w*,(\1\w*,)*$/;
> [ cool interesting proof that in theory Ilya's algorithm is much faster ]
> Clearly, Ilya's algorithm beats the regex hands down.
> I am almost certain that with a bit more careful analysis, I would
> be able to proof that Ilya's algorithm (with Tushar's suggestion) is
> linear (and hence optimal) in the size of the input.
I think the difference is that the regexp code is written in optimized C.
Ilya's may be more efficient in theory, but in practice it may be the same
speed (or a tad slower) because it is written in interpreted perl.
What about if Ilya's algorithym was implemented in an XS code? :-)
> Any program that needs to be maintained probably needs to be
> efficient too. So, there would be no place for the regex.
> (The regex is much cuter though.)
This is true. I particularly foundthe:
perl -wle 'print "Prime" if (1 x shift) !~ /^1?$|^(11+?)\1+$/'
at the end of your posts intriguing... but after thinking about it
for a while i realized that although it may be efficient for the first call,
it doesn't do any prime number caching for the second, third etc. call...
so it's kinda useless :-)
> No need for a benchmark I would say.
If you want raw speed... the benchmark way IS the way to go :-) If you
care about maintenance/portability/etc... stick to the theory and use
algorithyms that have a much clearer/obvious approach. You may not be
the last maintainer of your code... :-)
> Abigail
> --
> perl -wle 'print "Prime" if (1 x shift) !~ /^1?$|^(11+?)\1+$/'
hehehe that's cool :-)
mark
-- _________________________
. . _ ._ . . .__ . . ._. .__ . . . .__ | Northern Telecom Ltd. |
|\/| |_| |_| |/ |_ |\/| | |_ | |/ |_ | Box 3511, Station 'C' |
| | | | | \ | \ |__ . | | .|. |__ |__ | \ |__ | Ottawa, ON K1Y 4H7 |
markm@nortel.ca / al278@freenet.carleton.ca |_______________________|
------------------------------
Date: 23 Nov 1997 16:23:18 -0600
From: scribble@shoga.wwa.com (Tushar Samant)
Subject: Re: Finding the longest common prefix over a list of strings
Message-Id: <65aacm$qus@shoga.wwa.com>
abigail@fnx.com writes:
>Tushar Samant (scribble@shoga.wwa.com) wrote on 1545 September 1993 in
><URL: news:65877a$39f@shoga.wwa.com>:
>++ kfox@ford.com writes:
>++ >For everybody else, here's my implementation of Ilya's algorithm:
>++
>++ How about benchmarking with some kind of check here?
>
>How about trying to *analyze* both algorithms?
I agree with the analysis. The reasons for suggesting benchmarking
are different.
The check I suggested will make a difference depending on what the
specific sample of inputs is. If the "typical" sample consists of
words where the first two or three already have no common prefix,
then the loop will abort regardless of the size of the list. Bench-
marking is one way of getting a hold on this kind of statistical
characteristic.
We could make further refinements -- for instance, if you get a
word which is shorter than the prefix so far, you chop the prefix
down by several characters at once, OR for instance you make a
pass (still linear) and start with the shortest word -- etc etc,
but it becomes less and less clear just how much these refinements
accomplish for an input population we don't know much about.
Agreed, the regex restarts the "loop" every time the prefix gets
smaller, and the prefix gets smaller only in steps of 1. So in bad
cases (e.g. a list of 101 words which are the decreasing substrings
of a 100-letter word) it will do a horrible job getting to the
common prefix "".
But that brings up two points: 1) what are all these constants--we
are imagining that the regex engine is going through a loop similar
to ours, but surely a "single operation" in that "loop" doesn't cost
the same. 2) Once again, what sort of population is it being sicked
on--if all it ever did any one time was about 20 words of length 7
on average, benchmarking becomes pretty much the only method of
comparison.
BTW I suggested "chop" not because I think substr is more expensive
(I have no idea if it is), but because it's easier to read:
$len = length($string); $len--;
$string = substr($string, 0, $len);
vs
$len = length($string); $len--;
chop $string;
------------------------------
Date: 24 Nov 1997 16:30:59 GMT
From: ryujiy@aol.com (Ryujiy)
Subject: Re: Help grep!
Message-Id: <19971124163000.LAA22200@ladder01.news.aol.com>
Thanks for replying and sorry about that my words were too poor. I meant I did
not get any result, so I checked variable using debugger. The value of variable
was undef, but the string definitely existed.
Thanks
Ryuji
------------------------------
Date: Mon, 24 Nov 1997 16:28:20 GMT
From: rqy1319@is4.nyu.edu (Ryuji Yokoyama)
Subject: Re: Help grep!
Message-Id: <347aa9b0.6080633@netnews.nyu.edu>
Thanks for replying and sorry about that my words were too poor. I
meant I did not get any result, so I checked variable using debugger.
The value of variable was undef, but the string definitely existed.
Thanks
Ryuji
On Sun, 23 Nov 1997 10:31:36 -0600, tadmc@flash.net (Tad McClellan)
wrote:
>Ryujiy (ryujiy@aol.com) wrote:
>
>: I am a beginner and have a quesiton. I want to search a string from a file, so
>: I tried to use UNIX's grep command.
>
>: $string = `grep "ABC" filename`
>
>: However, it did not work,
> ^^^^^^^^^^^^^^^
>
>Uhh. What does that mean?
>
>Did not compile?
>Compiled with warnings (since all good Perl programmers use the -w switch)
>Compiles but won't run.
>Runs but appears to do nothing.
>Runs but does not do the right thing
>Runs but finds too few matches
>Runs but finds too many matches
>Gets stuck in an infinite loop
>Treats all of the lines as a single string.
>Finds only the last match in the file
>Dumps core
>Something else?
>
>
>: so how can I pass parameters to grep command? Or is
>
>As you did above should work fine (though the double quotes are not needed,
>and a semicolon at the end of the statement is needed (usually)).
>
>
>: there any better way to accomplish this task? In my final vaersion of program
>: both "ABC" and filename must be variables
>
>: Thanks! I apprecieate any advice.
>
>
>Try putting the results into an array instead, or tell us what the
>hell 'did not work' means.
>
>Diagnosing a problem without being told the symptoms is futile...
>
>
> @ABCs = `grep "ABC" filename`;
------------------------------
Date: Sat, 22 Nov 1997 22:17:55 GMT
From: #my din#@pobox.com (Myrddin)
Subject: How secure is Perl for Win32 under IIS 3.0 and WinNT4.0? (Luddites at work gotta know!)
Message-Id: <65aact$kqd$1@opus.anet-stl.com>
I have used Perl for year and am entirely convinced that properly
administered, perl is one of the safest and most useful tools in
existence today.
However, I am trying to convince the sysadmin folks (I am a developer)
at work that Perl is safe to put on the new WindowsNT 4.0 webserver so
we can setup some Perl scripts to streamline our webpages (among other
things). Nothing fancy, no setuid scripts. They have some idea that
Perl will enable a user to write to the registry accidentally or on
purpose, and they have restricted those permissions (even for us
developers).
I am looking for something (prefereably a memo from a well-known
company or agency) that can help prove to them that Perl is safe. And
I am looking for the necessary notes about what actions are necessary
to make Perl safe on NT (I have used it mostly on Unix).
I have checked the www-security-faq and did not find what I wanted in
the Perl Win32 FAQ either. Any help would be appreciated. Please
email me at the address below!
Thanks.
--------------------------------------
Myrddin myrddin@pobox.com
AKA Ken McAfee Computer Consultant
Daugherty Systems mcafeek@daugherty.com
http://www.daugherty.com
--------------------------------------
------------------------------
Date: Mon, 24 Nov 1997 09:10:12 -0500
From: jdf@pobox.com (Jonathan Feinberg)
Subject: Re: How to execute CGI script written in perl on NT server?
Message-Id: <MPG.ee354d16867920898968c@news.concentric.net>
drive@mbox4.singnet.com.sg said...
> Am new in writing CGI scripts and therefore need help badly in advising me
> how to execute my script written in perl on an Windows NT server......
I see that other people have answered your original question, but...
> $basedir = "g:\\drive\\cgi-bin";
Oof! Forget those evil backslashes. Also, you'll want to get out
of the habit of using " when you mean ' .
$basedir = 'g:/drive/cgi-bin';
Perl knows which OS you're using, and is smart about directory separators.
IMHO, the forward slash is more programmer-legible than the escaped backslash.
--
Jonathan Feinberg jdf@pobox.com Sunny Manhattan, NY
------------------------------
Date: 23 Nov 1997 23:27:24 GMT
From: toutatis@no.mail.please (Toutatis)
Subject: Re: How to: push (condition ? @this : @that),$value;
Message-Id: <toutatis-ya023180002411970027240001@news.euro.net>
Salve J Nilsen <devnull@nvg.org> wrote:
> what about....
>
> push(($condition ? @this : @that), $value);
try it
--
Toutatis
------------------------------
Date: 22 Nov 1997 18:05:40 +0000
From: Dima Pasechnik <dima@duti515a.twi.tudelft.nl>
Subject: Re: interpreted languages
Message-Id: <872008iz2h.fsf@twidima.twi.tudelft.nl>
"Steven D. Majewski" <sdm7g@Virginia.EDU> writes:
>
>
> On Fri, 21 Nov 1997, Steven D. Majewski wrote:
>
> >
> > No Python content, but all of you language benchmarking fans
> > out there might want to look at:
> >
> > Timing Trials, or, the Trials of Timing:
> > Experiments with Scripting and User-Interface Languages
> > (10/13/97)
> >
> > Brian W. Kernighan
> > Christopher J. Van Wyk
> >
> >
> > http://cm.bell-labs.com/cm/cs/who/bwk/interps/pap.html
> >
> >
> > Tcl, Perl, Awk, Limbo, Java, MIT Scheme, VB, compared to each other and C.
> >
I found this paper not too accurate as far as Scheme is concerned.
Apparently they didn't use a good implentation.
I tried a couple of their tests (Array and Ackerman function) with
Scheme48 and found that it performs as good as Limbo, or even better.
As well, their discussion sometimes mixes up definition of the language
and implementational issues (e.g they claim that absense of buffered I/O
make Scheme I/O-performance suffer. But isn't this the feature of an
implementation rather than the language?)
D.Pasechnik at twi dot tudelft.nl
------------------
PS. My runs (on a 100MHz Pentium under Linux) of the array test:
bash-2.00$ scheme48 -h 6000000
Welcome to Scheme 48 0.48 (made by dima on Sat Nov 15 00:18:33 GMT 1997).
Copyright (c) 1993, 1994 by Richard Kelsey and Jonathan Rees.
Copyright (c) 1996 by NEC Research Institute, Inc.
Please report bugs to scheme-48-bugs@martigny.ai.mit.edu.
Type ,? (comma question-mark) for help.
> ,bench
Will compile some calls in line
> (define n 200000)
(define x (make-vector n))
(define y (make-vector n))> >
> (define (test1)
(do ((i 0 (+ 1 i)))
((= i n) #t)
(vector-set! x i i))
(do ((j (- n 1) (- j 1)))
((< j 0) #t)
(vector-set! y j (vector-ref x j)))
)
> ,time (test1)
Run time: 2.65 seconds; Elapsed time: 2.71 seconds
#t
> ,time (test1)
Run time: 2.64 seconds; Elapsed time: 2.64 seconds
#t
----------------------------------------------------------------
The Ackerman function test:
bash-2.00$ scheme48 -h 6000000
Welcome to Scheme 48 0.48 (made by dima on Sat Nov 15 00:18:33 GMT 1997).
Copyright (c) 1993, 1994 by Richard Kelsey and Jonathan Rees.
Copyright (c) 1996 by NEC Research Institute, Inc.
Please report bugs to scheme-48-bugs@martigny.ai.mit.edu.
Type ,? (comma question-mark) for help.
> ,bench
Will compile some calls in line
> (define (ack m n)
(cond ((= m 0) (+ n 1))
((= n 0) (ack (- m 1) 1))
(else (ack (- m 1) (ack m (- n 1))))))
>
> ,time (ack 3 7)
Run time: 4.76 seconds; Elapsed time: 4.78 seconds
1021
> ,time (ack 3 7)
Run time: 4.74 seconds; Elapsed time: 4.74 seconds
1021
------------------------------------------------------------------
I don't have enough RAM to do (ack 3 8) without the computer swapping :(
------------------------------
Date: Sun, 23 Nov 1997 22:04:27 GMT
From: aml@world.std.com (Andrew M. Langmead)
Subject: Re: maintain unique elements in an array? no duplicates?
Message-Id: <EK4DBH.BFB@world.std.com>
Jon Turner <jt@cs.pdx.edu> writes:
>Is it possible to maintain an array that will always have non-redundant
>elements in it?
You might be able to do what you want with hashes. Hashes are
key/value pairs, and if you assign the same key to a hash, it
overwrites its previous corresponding value. You can use the "keys"
function to return all of the keys of a hash when you want to access
them as a list.
The drawback is that hashes don't maintain their order.
And example:
open NAMES, "names.txt" or die;
while(defined($name = <NAMES>)) {
chomp($name);
$list{$name} = 1; # maybe $list{$name}++ if you want a count of occurances
}
close NAMES;
for $name (keys %list) {
print "$name\n";
}
--
Andrew Langmead
------------------------------
Date: Sun, 23 Nov 1997 21:33:09 -0500
From: "Hans Leichtl" <leichtl@mro.dec.com>
Subject: multi line pattern matchin
Message-Id: <65ap1f$aer$1@mrnews.mro.dec.com>
Hi,
i have not done too much perl so far, so sorry if this is a rtfm.
i would like to write a script that replaces parts of a file (or deletes
parts).
my problem is that the parts are spanning multiple lines.
is there a way to do this 'quickly' in perl or do i have to write the loops
for matching the whole search pattern myself (i.e. comparing line by line if
i actually get the complete part i'd like to rip out of the file?)
thanks a bunch.
hans
------------------------------
Date: Mon, 24 Nov 1997 09:02:33 -0500
From: jdf@pobox.com (Jonathan Feinberg)
Subject: Re: Newbie having RE problems.
Message-Id: <MPG.ee353048f2f3b8998968b@news.concentric.net>
robin@highway1.com.au says:
> "ALBANY HIGHWAY "
> "ALBANY HWY "
> "NORTH ALBANY HIGHWAY "
>
> This would give me a list of words such as HWY, HIGHWAY, ST, ROAD etc,
It's not exactly clear what you want; is it the last word on every line?
while(<>)
{
my($last_word) = /(\S+)\s*$/;
$street_words{$last_word}++;
}
--
Jonathan Feinberg jdf@pobox.com Sunny Manhattan, NY
------------------------------
Date: Sun, 23 Nov 1997 21:39:18 GMT
From: rabrody@earthlink.net_NOSPAM (Robert Brody)
Subject: Perl for DOS or 16 Windows
Message-Id: <3478a14d.9974160@news.earthlink.net>
I have DOS 6.22 and 16 bit Windows (Windows for Workgroups 3.11) on my
home computer. I would like to familiarize myself with Perl at the
beginner's level and I was wondering if there's a DOS or 16 bit
Windows interpreter available for download. I've been checking
various Perl resources sites but thus far haven't found anything
accordingly. If such exists and someone would point me to it, I'd
much appreciate your input. Thanks.
------------------------------
Date: Sun, 23 Nov 1997 21:59:01 GMT
From: ced@bcstec.ca.boeing.com (Charles DeRykus)
Subject: Re: ref to typeglob and filehandles
Message-Id: <EK4D2E.9I0@bcstec.ca.boeing.com>
In article <34778D47.458F7793@sirius.com>,
Jim Bowlin <bowlin@sirius.com> wrote:
> snipped
>
> Thanks for the response. There are two problems with this:
>
> 1) I am using the same routine to read from a socket and from a file so
> I _have_ to pass a file handle to process(). In fact I am currently passing
> a string containing 'process' to a routine that creates an open socket so that
> I can timeout in case the socket stops sending me data.
>
> 2) The no strict block is pretty darn big and complicated. If it were a choice
> between having the system echo filenames on error and compiling the block
> strictly, then
> I would choose to give up the filename echo and keep my code strict.
>
> I will take your response as a vote that it can't be done.
>
I'm not sure I understand the ramifications of #1 but limiting
no strict blocks solely to offending lines, e.g.
{ no strict; open($file, $file) or ... }
might help with #2.
or, as suggested by Doug McNaught, you might pass an extra
string with the filename. Here's another way that might be
done:
...
&process(\*f, "/some/file");
sub process {
(local *f, my $f) = @_;
while (<f>) {
print or die "can't read from $f\n";
}
....
}
HTH,
--
Charles DeRykus
------------------------------
Date: 23 Nov 1997 17:14:49 -0500
From: Mark Mielke <markm@nortel.ca>
Subject: Re: Safe use of flock() -- was Re: giving up on flock
Message-Id: <lq1zpmvw946.fsf@bmers2e5.nortel.ca>
aml@world.std.com (Andrew M. Langmead) writes:
> Mark Mielke <markm@nortel.ca> writes:
> >aml@world.std.com (Andrew M. Langmead) writes:
> >> Mark Mielke <markm@nortel.ca> writes:
> >> >Oh yeah... Tom... I just found a section in the manpage that says that:
> >> > To avoid the possibility of mis-coordination, Perl
> >> > flushes FILEHANDLE before (un)locking it.
> >> > (man perlfunc - flock)
> >> but what if the flush fails?
> >If the flush() fails... how do you think the close() will succeed?
> >seriously :-)
> But if the close() fails then you still have the lock, and anything
> you do to handle the situation is done with the file still
> locked. If you unlock first, then close, and the close() fails, then other
> processes may try to lock the file, and then have their other file I/O
> calls (read/write/flush/close) fail as well.
Hmmm... interesting... i have never bothered checking to make sure that
close() succeeds. I think the reason i never do is because if the close()
DOESN'T fail... that's not your only problem? :-) i dunno.
Any ideas people? _SHOULD_ i be checking the return code of close() in
C + perl scripts?Let's just say i wrote my code like this:
--- CUT HERE ---
use Fcntl qw(:flock);
use IO::File;
sub log
{
my($path, $message) = @_;
my $handle = new IO::File($path, "a") ||
die "open of $path failed: $!\n";
flock($handle, LOCK_EX) ||
die "lock could not be obtained for $path: $!\n";
seek($handle, 0, SEEK_END) ||
die "seek-to-eof failed for $path: $!\n";
$handle->print($message);
# flock($handle, LOCK_UN) ||
# die "lock could not be released for $path: $!\n";
}
Yes or no for the flock(LOCK_UN) huh? As i said before... the return
value of close() is _rarely_ watched. And in this case it's
IO::File::DESTROY() that's doing all the work.
And let's say that i have _many_ things to log... should i continually
bother the OS opening and closing the file? or should i keep the
filehandle open for a period of time? I'm thinking that LOCK_UN is
provided for a purpose... just saying "don't use it" is kinda stupid.
And if you really cared... use syswrite() instead of stdio's (print).
mark
-- _________________________
. . _ ._ . . .__ . . ._. .__ . . . .__ | Northern Telecom Ltd. |
|\/| |_| |_| |/ |_ |\/| | |_ | |/ |_ | Box 3511, Station 'C' |
| | | | | \ | \ |__ . | | .|. |__ |__ | \ |__ | Ottawa, ON K1Y 4H7 |
markm@nortel.ca / al278@freenet.carleton.ca |_______________________|
------------------------------
Date: 23 Nov 1997 21:21:02 GMT
From: "Bruno Prior" <bruno@prior.ftech.co.uk>
Subject: Re: security questions
Message-Id: <01bcf855$fb2759e0$0201a8c0@prior.ftech.co.uk>
Laurel Shimer <autopen@autopen.com> wrote in article
<autopen-2211971825250001@dynamic12.pm03.mv.best.com>...
>
> Am I'm barking up the wrong tree?
Yes, for a number of reasons.
1. As I'm sure will be pointed out to you more agressively by others, this
message does not belong in comp.infosystems.www.authoring.html, although I
understand the temptation to post to this group because of the quality of
advice which is available there.
2. Your posting is hard to understand, as you give great detail about
solutions you have tried without giving much information about the specific
problem.
3. You can't do what you want with the sticky bit as it only applies to
directories (as you had noticed).
4. You want your CGI-scripts to open and process files and directories,
right? If you can move and change the ownership/permissions of these files,
then the solution is simple. Make sure your server is running as a unique
user (i.e. a user created purely for the purpose of running the server).
Change the owner of all the relevant files, scripts and directories to that
user. Change the file permissions to 600 for the files to be processed and
700 for the directories and scripts. Place each set of files which share
the same security level in their own directory and use .htaccess to control
access to it.
5. However, I guess the problem isn't as simple as that or you wouldn't
have needed to ask. Is it that the files have to stay where they are with
the ownership that they had originally? In that case, create a group for
each user whose files you want the scripts to be able to process. Each
group should contain only the user whose group it is and the user as which
your server runs (unique, as before). Chgrp each file or directory you want
to be accessible from the scripts to the name of the group you created.
Chmod 640 each file and 750 each directory or script. Now the web server
will be able to access all the necessary files without users other than the
owner being able to access the files directly.
6.But this still doesn't solve the problem of varying access permission to
the files depending on who is calling the script. If the files/directories
which each script opens are fixed, then simply group the scripts into sets
which offer the same access rights, and place each set in its own directory
with a .htaccess file to control access to the directory.
7. If the files which each script processes vary (according to the value of
the QUERY_STRING variable, for instance), then you've got a bigger problem.
I think this may be what you're trying to do, i.e. vary the response from
any one particular script to any one particular user according to a
parameter passed to the script. Is that right? In that case, you will have
to get each script to compare the UID of the user identified through
authentication, with the owner of the file to be opened. Assuming that a
script is subject to authentication (through .htaccess, or whatever) and
that the user names used to access the web site are the same as those in
the system passwd file, you could test for something like:
if ((stat(file_to_be_opened))[4] == (getpwnam($ENV{'REMOTE_USER'}))[2]) {
To broaden this out to check for groups of acceptable users, you could
adapt this to check whether the user belonged to the file's group:
$gid = (stat(file_to_be_opened))[5];
if ((getgrgid($gid))[3] =~ /\s$ENV{'REMOTE_USER'}\s/) {
Of course, you will still need to set up ownership, and permissions as in 6
above to make sure that, having checked that the user may access the file,
the server has permission to actually do so.
All of this may be completely inappropriate to your problem, but, as I say,
I couldn't really tell from your posting exactly what the problem was. The
basic point is that you can't control what user can access what files
through a web server by using file permissions. Every file accessed by the
server, or by a CGI-script run by the server, is accessed as the user under
which the server is run, no matter who is making the request to the server.
So to apply security more subtle than wholesale allowing or disallowing to
every user of access to a particular directory, you will need to use some
sort of server-based authentication such as .htaccess files.
If none of this helps, try posting (but not to ...authoring.html) more
details of what exactly you are trying to achieve.
Cheers,
Bruno Prior bruno@prior.ftech.co.uk
-------------
> I know this is Unix/cgi related but I think it is also perl related. So
> please don't give me that message you send the 'not-trying-to-think
> zombies'! I've been trying to use my brain as much as possible. Note: I
> have also been looking in newsgroup faq's as much as I can think to. No
> doubt this is somewhere in one and some kind soul will point me to it.
>
> I have been working on setting up (multiple levels) of security on an
> internal web application. My unix skills are so- so. I'm ok with basic
> commands and shell scripting but often use the wrong approach (my
> background is mainframes and minis and I sometimes tend to think wrong
and
> look up the wrong words).
>
> I recently realized that I was having a problem because likely the perl
> procedures, or as someone kindly explained to me in email
>
> "The proper file permission settings are very much system specific. The
goal of
> the script is to provide file access (through perl) which is disallowed
by the
> http server directly. If you are
> having problems, it is probably because perl and the http server are
operating
> with the same UID, meaning that you cannot set permission settings that
can
> differentiate between perl and the http server. There are a few ways
around
> this. The easiest way is to open up permission settings so that perl can
have
> access, but dissallow the servers access through an .htaccess file. If
your
> server does not use this sort of thing, you can also set the uid that the
> script runs with using the chown command, or you can run the script as
the
> owner with cgi-wrap.
>
> Chown sets the uid of the script. Some http servers set a default uid
for
> scripts that are launched by the server, often to user "nobody", so that
the
> script doesn't have any rights. If you set the uid of the perl script to
the
> owner, with the chown command, it will cause the running perl script to
have
> owner rights. This means that you could give files fewer permission
settings,
> perl could read the files, but the http server could not.
> "
>
> * I did figure out how to use an .htaccess file - but then realized since
> this was an INTERNAL web application that it didn't provide much
security.
> (Too bad my brain didn't think of that earlier!)
>
> So I've been trying to figure out how to use chown - because it sounds
> less awe inspiring than a C procedure. At least I have a UNIX book that I
> can look in for chown. I've been looking in the book and got the
> impression I should try using the sticky bit. But I have a feeling I may
> be barking up the wrong tree entirely.
>
>
> I attempted to set permissions for the directories and file I wanted the
> perl procedures to access using the sticky bit. Is this even the right
> approach? Anyway it didn't seem to work
>
> 1) I only saw the sticky bit show up for directories. Not for files (see
> permissions log below)
>
> 2) My test bombed anyway. The procedure runs okay when the file
> permissions are set as 775 but when set as shown below I get an 'unable
to
> open file' message - as I might expect if a perl scrirpt invoked from the
> web just couldn't get access.
>
------------------------------
Date: 24 Nov 1997 14:14:37 GMT
From: "James Richardson" <jamesr@aethos.co.uk.nospam>
Subject: Re: security questions
Message-Id: <01bcf8e3$6b485b60$26c0a4c1@kitkat.aethos.co.uk>
Bruno Prior <bruno@prior.ftech.co.uk> wrote in article
<01bcf855$fb2759e0$0201a8c0@prior.ftech.co.uk>...
> Laurel Shimer <autopen@autopen.com> wrote in article
> <autopen-2211971825250001@dynamic12.pm03.mv.best.com>...
> >
I got the impression that maybe the author of original post was getting
confused about chmod, and talking about making perl suid root.
This would make sense as they were talking about 'different users for perl
and for the http server', and would account for their mention of the sticky
bit
All of your suggestions I agree with, but I just wanted to add that making
perl suid root was __not__ the ideal solution for this problem.
Cheers
James Richardson
------------------------------
Date: 8 Mar 97 21:33:47 GMT (Last modified)
From: Perl-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 8 Mar 97)
Message-Id: <null>
Administrivia:
The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc. For subscription or unsubscription requests, send
the single line:
subscribe perl-users
or:
unsubscribe perl-users
to almanac@ruby.oce.orst.edu.
To submit articles to comp.lang.perl.misc (and this Digest), send your
article to perl-users@ruby.oce.orst.edu.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.
The Meta-FAQ, an article containing information about the FAQ, is
available by requesting "send perl-users meta-faq". The real FAQ, as it
appeared last in the newsgroup, can be retrieved with the request "send
perl-users FAQ". Due to their sizes, neither the Meta-FAQ nor the FAQ
are included in the digest.
The "mini-FAQ", which is an updated version of the Meta-FAQ, is
available by requesting "send perl-users mini-faq". It appears twice
weekly in the group, but is not distributed in the digest.
For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V8 Issue 1363
**************************************
