GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
Sudo(3) User Contributed Perl Documentation Sudo(3)

Sudo - Perl extension for running a command line sudo 

  use Sudo;
  my $su;
  
  $su = Sudo->new(
                  {
                   sudo         => '/usr/bin/sudo',
                   sudo_args    => '...',                                  
                   username     => $name, 
                   password     => $pass,
                   program      => '/path/to/binary',
                   program_args => '...',
                  # and for remote execution ...

                  [hostname     => 'remote_hostname',]
                  [username     => 'remote_username']

                  }
                 );
   
  $result = $su->sudo_run();
  if (exists($result->{error})) 
     { 
       &handle_error($result); 
     }
    else
     {
       printf "STDOUT: %s\n",$result->{stdout};
       printf "STDERR: %s\n",$result->{stderr};
       printf "return: %s\n",$result->{rc};
     }

Sudo runs commands as another user, provided the system sudo implementation is setup to enable this. This does not allow running applications securely, simply it allows the programmer to run a program as another user (suid) using the sudo tools rather than suidperl. Suidperl is not generally recommended for secure operation as another user. While sudo itself is a single point tool to enable one user to execute commands as another sudo does not itself make you any more or less secure.

Warning: This module does not make your code any more or less secure, it simply uses a different mechanism for running as a different user. This requires a properly configured sudo system to function. It has all the limitations/restrictions of sudo. It has an added vulnerability, in that you may need to provide a plain-text password in a variable. This may be attackable. Future versions of the module might try to address this.

This module specifically runs a single command to get output which is passed back to the user. The module does not currently allow for interactive bidirectional communication between the callee and caller. The module does not spool input into the callee.

new
The "new" function creates a new object instance and sets the attributes of the object as presented in a hash form. Relevant attributes are formed as key => value pairs in a hash as follows:
username => $username
Name of the user that will be used to run the command. Equivalent to the "-u username" option to sudo. Note: You may use "#uid" rather than the username.
sudo => $sudo_binary
Fully qualified path to sudo. No whitespace allowed. This should be a single continuous string with path separators, and should include the sudo binary file name. E.g. under various Linux, this attribute might be set as "sudo =" '/usr/bin/sudo'>.
sudo_args => $sudo_args
Any additional sudo arguments you would like to use for the program you are trying to run.
program => $program
Fully qualified path to program binary you wish to run. No whitespace allowed. This should be a single continuous string with path separators, and should include the program binary file name.
program_args => $program_args
Arguments to pass to program you wish to run.
sudo_run
The "sudo_run" function first checks the attributes to make sure the minimum required set exists, and then attempts to execute sudo without shell interpolation. You will need to take this into account in case you get confusing failure modes. You may set the debug attribute to 1, 2, or 3 to get progressively more information.

The object will return a hash. The hash will have state information within it. If the C'error' key exists, an error occured and you can parse the value to see what the error was. If the run was successful, C'stdout' key exists, and its value corresponds to stdout output from the program run by sudo. Similarly the C'stderr' key will exist for a successful run, and the value corresponds to stderr output from the program run by sudo. The C"rc" key will also be defined with the programs return code.

I/O currently this is a fancy way to run a command as another user without being suid. Eventually it may evolve to have IO:: goodness, or similar functionality.

As this module depends upon IPC::Run, it has all the bugs/limitations of IPC::Run. Spaces in file names, executables, and other odd items which give IPC::Run fits, will give Sudo fits. We would like to fix this, but this requires fixing IPC::Run.

Insecurity as a bug. Security is not a product or feature. It is a process. If your systems are grossly insecure to begin with, using Sudo will not help you. Good security practice (not draconian security practice) is recommended across all systems. Basic common sense on services, file ownership, remote access, and so forth go a long way to helping the process. Start with the basics. Work from there.

sudo(8), perl(1), IPC::Run, a good book on locking down a system

Joe Landman, landman@scalableinformatics.com, <http://www.scalableinformatics.com>

Copyright (C) 2004,2005 by Scalable Informatics LLC

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8 or, at your option, any later version of Perl 5 you may have available.

2013-04-17 perl v5.32.1
Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.