D
David Gale
At my office, we have a central file server which employees pull data from
to their own computers to work on. For QA purposes, we don't want them to
be able to modify the information on the file server except for when they're
pulling down/putting up the data.
I've got a perl script which runs through various checks to make sure
they're allowed to modify that data, and then uses 'system("scp"....)' to
pull the data down. Once it is verified to have reached their system, it is
removed from the server (ensuring one copy of the data exists).
What we'd like to do is set the directories on the server to be
non-executable, and have the download script chmod it right before the copy.
Problem is, the employee most likely will not be the owner of the directory
at the point of copy request.
We've thought of a couple of options, none of which seem ideal. One would
be to do:
system("ssh $user@$server unlock $dir");
system("scp $user@$server:$dir")
which would work (unlock being a program that runs as root and issues the
chmod command), but would require the user to type in their password twice.
To get around that, I thought to ask them for their password and then use
expect to do these two commands, but (having not used expect much), I can't
figure out how to tell if the scp is successful or not.
Any help (either in coming up with a better solution, or in getting expect
to work) would be appreciated!
Thanks,
-D.
PS: I'm sure someone's going to suggest setting up ssh keys for passwordless
access, but our sysadmin doesn't want to do that, since that would give
anyone who managed to crack one box passwordless access to the server.
to their own computers to work on. For QA purposes, we don't want them to
be able to modify the information on the file server except for when they're
pulling down/putting up the data.
I've got a perl script which runs through various checks to make sure
they're allowed to modify that data, and then uses 'system("scp"....)' to
pull the data down. Once it is verified to have reached their system, it is
removed from the server (ensuring one copy of the data exists).
What we'd like to do is set the directories on the server to be
non-executable, and have the download script chmod it right before the copy.
Problem is, the employee most likely will not be the owner of the directory
at the point of copy request.
We've thought of a couple of options, none of which seem ideal. One would
be to do:
system("ssh $user@$server unlock $dir");
system("scp $user@$server:$dir")
which would work (unlock being a program that runs as root and issues the
chmod command), but would require the user to type in their password twice.
To get around that, I thought to ask them for their password and then use
expect to do these two commands, but (having not used expect much), I can't
figure out how to tell if the scp is successful or not.
Any help (either in coming up with a better solution, or in getting expect
to work) would be appreciated!
Thanks,
-D.
PS: I'm sure someone's going to suggest setting up ssh keys for passwordless
access, but our sysadmin doesn't want to do that, since that would give
anyone who managed to crack one box passwordless access to the server.