Remote Permissions Problem

Discussion in 'Perl Misc' started by David Gale, Oct 21, 2004.

  1. David Gale

    David Gale Guest

    At my office, we have a central file server which employees pull data from
    to their own computers to work on. For QA purposes, we don't want them to
    be able to modify the information on the file server except for when they're
    pulling down/putting up the data.

    I've got a perl script which runs through various checks to make sure
    they're allowed to modify that data, and then uses 'system("scp"....)' to
    pull the data down. Once it is verified to have reached their system, it is
    removed from the server (ensuring one copy of the data exists).

    What we'd like to do is set the directories on the server to be
    non-executable, and have the download script chmod it right before the copy.
    Problem is, the employee most likely will not be the owner of the directory
    at the point of copy request.

    We've thought of a couple of options, none of which seem ideal. One would
    be to do:
    system("ssh $user@$server unlock $dir");
    system("scp $user@$server:$dir")

    which would work (unlock being a program that runs as root and issues the
    chmod command), but would require the user to type in their password twice.
    To get around that, I thought to ask them for their password and then use
    expect to do these two commands, but (having not used expect much), I can't
    figure out how to tell if the scp is successful or not.

    Any help (either in coming up with a better solution, or in getting expect
    to work) would be appreciated!

    Thanks,
    -D.

    PS: I'm sure someone's going to suggest setting up ssh keys for passwordless
    access, but our sysadmin doesn't want to do that, since that would give
    anyone who managed to crack one box passwordless access to the server.
     
    David Gale, Oct 21, 2004
    #1
    1. Advertising

  2. David Gale

    David Gale Guest

    Quoth Jon Ericson <>:
    > "David Gale" <> writes:
    >
    >> PS: I'm sure someone's going to suggest setting up ssh keys for
    >> passwordless access, but our sysadmin doesn't want to do that, since
    >> that would give anyone who managed to crack one box passwordless
    >> access to the server.

    >
    > This isn't really a perl question you know -- you're likely to get
    > better advice from an ssh or security group. I would have suggested
    > using ssh keys (which is how I've solved this sort of problem). Maybe
    > ssh-agent would help, though I haven't needed to use it myself.
    >
    > Jon


    True, this aspect of it isn't specifically a perl problem. However, my
    current attempt is to use Perl::Expect; I'm just not sure how to tell if the
    process completes successfully--does expect give you access to the exit
    value of the process once its terminated? How do you access it?

    This question, at least, seems to be group-appropriate. Perhaps I wasn't
    clear enough in my original post.

    -D.
     
    David Gale, Oct 22, 2004
    #2
    1. Advertising

  3. David Gale

    Jon Ericson Guest

    "David Gale" <> writes:

    > Quoth Jon Ericson <>:
    >> "David Gale" <> writes:
    >>
    >>> PS: I'm sure someone's going to suggest setting up ssh keys for
    >>> passwordless access, but our sysadmin doesn't want to do that, since
    >>> that would give anyone who managed to crack one box passwordless
    >>> access to the server.

    >>
    >> This isn't really a perl question you know -- you're likely to get
    >> better advice from an ssh or security group. I would have suggested
    >> using ssh keys (which is how I've solved this sort of problem). Maybe
    >> ssh-agent would help, though I haven't needed to use it myself.


    > True, this aspect of it isn't specifically a perl problem. However, my
    > current attempt is to use Perl::Expect; I'm just not sure how to tell if the
    > process completes successfully--does expect give you access to the exit
    > value of the process once its terminated? How do you access it?


    I don't know anything about the Expect module, but I imagine if you
    posted a self-contained example and mentioned how the results differed
    from your expectations, you'd get a response from someone who does.
    You could also try the mailing list for this module:

    http://lists.sourceforge.net/lists/listinfo/expectperl-discuss

    Personally I would think this approach is at least as hazardous as
    using ssh keys.

    Jon
     
    Jon Ericson, Oct 22, 2004
    #3
  4. "David Gale" <> wrote in message news:<>...

    > True, this aspect of it isn't specifically a perl problem. However, my
    > current attempt is to use Perl::Expect; I'm just not sure how to tell if the
    > process completes successfully--does expect give you access to the exit
    > value of the process once its terminated? How do you access it?
    >
    > This question, at least, seems to be group-appropriate. Perhaps I wasn't
    > clear enough in my original post.


    Expect gives you access to the exit status of the program that it ran
    via the exitstatus method. However, if you're running a command on a
    remote system, you don't have direct access to that command's exit
    status. You can instead get that status through the remote access
    program you're using, such as:

    use Expect;
    my $ssh = Expect->spawn('ssh',$host,'/bin/true');
    $ssh->expect(10,
    [qr/word:/ => sub {
    my $exp = shift;
    $exp->send($mypassword."\n");
    exp_continue } ],
    ['eof' => sub {
    my $exp = shift;
    $exit = $exp->exitstatus << 8;
    print "Exit stauts: $exit\n" } ] );
     
    Aaron Sherman, Oct 23, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Scott Allen
    Replies:
    0
    Views:
    467
    Scott Allen
    Jul 13, 2004
  2. darrel
    Replies:
    0
    Views:
    301
    darrel
    May 23, 2006
  3. Curt K
    Replies:
    0
    Views:
    589
    Curt K
    Nov 3, 2006
  4. Replies:
    0
    Views:
    336
  5. Tim Chandler
    Replies:
    0
    Views:
    237
    Tim Chandler
    Oct 7, 2003
Loading...

Share This Page