
I have an Amazon (AMI) Linux EC2 instance running on AWS. I'm creating a Perl script that will create directories when it is called through a web URL (CGI script).

However, because the browser is executing the script, the user apache is running the Perl script. Because apache is not allowed to run the mkdir command without using sudo, none of the directories are being created.

I've modified the script's permissions to execute (755) via the browser; however, none of the mkdir commands work.

I even tried using the sudo command within the Perl script, but I had no luck. However, all of the non-sudo commands work, such as 'cd' etc.

If anyone knows how to resolve this issue I would appreciate it.

Stephan Walters
  • Also, I checked my error logs. It says: sudo: sorry, you must have a tty to run sudo – Stephan Walters Apr 24 '14 at 19:40
  • You will want to lock down this URL endpoint carefully to avoid malicious use. Executing content from the user without inspecting it is the sort of vulnerability seen a lot in the first generations of CGI apps in the 90s. Good luck. – jjohn May 07 '19 at 14:34

1 Answer

I've found the answer through searching.

The first thing you need to do is disable tty for the current user. My web browser executes anything as the user 'apache' on the server.

So in my /etc/sudoers file I added

Defaults:apache !requiretty

Also, I created a list of commands that I want apache to use without requiring the sudo password

Cmnd_Alias APACHE = /bin/mkdir, /bin/rmdir
apache ALL=(ALL) NOPASSWD: APACHE

This allows only certain sudo commands to execute on my web server without requiring the password.

NOTE: only open the /etc/sudoers file using the visudo command. DO NOT open it using just regular vim or nano, because if you save it and there's an error it will **** your machine up and you may have to create a whole new server because any sudo commands won't execute.

You can specify your editor using visudo, e.g.

EDITOR=nano visudo

Stephan Walters
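The sudoers rule in the answer lets apache run /bin/mkdir as root with any arguments, which is the exposure the comment on the question warns about. As an added example (not part of the original post), here is a wrapper that the sudoers alias could name in place of /bin/mkdir, so that only one validated directory name under one parent is ever accepted; the BASE_DIR value, the 64-character limit and the idea of installing it as a root-owned script are assumptions.

```shell
#!/bin/sh
# Added example, not from the original answer: a root-owned wrapper to permit
# in sudoers instead of /bin/mkdir. BASE_DIR and the length limit are assumed.

LC_ALL=C; export LC_ALL          # make the A-Z / a-z ranges below byte-exact
BASE_DIR=/var/www/uploads        # assumed parent; hardcoded, never taken from the caller

# safe_mkdir NAME
# Creates BASE_DIR/NAME only when NAME is a single, plain path component.
# Returns 0 on success, 2 for a rejected name, 3 for a bad base, else mkdir's status.
safe_mkdir() {
    name="$1"

    [ -n "$name" ] || { echo "rejected: empty name" >&2; return 2; }
    [ "${#name}" -le 64 ] || { echo "rejected: name too long" >&2; return 2; }

    case "$name" in
        # Anything outside this set: '/', spaces, ';', '$', newlines, ...
        *[!A-Za-z0-9._-]*) echo "rejected: illegal character" >&2; return 2 ;;
        # '.', '..' and hidden names
        .*) echo "rejected: leading dot" >&2; return 2 ;;
        # Names that would be read as mkdir options (-p, -m, ...)
        -*) echo "rejected: leading dash" >&2; return 2 ;;
    esac

    # The parent must already exist as a real directory, not a symlink.
    if [ ! -d "$BASE_DIR" ] || [ -L "$BASE_DIR" ]; then
        echo "rejected: base directory missing or a symlink" >&2
        return 3
    fi

    # No -p: parents are never created. '--' ends option parsing.
    mkdir -m 0750 -- "$BASE_DIR/$name"
}

# Run as a command: exactly one argument, the directory name.
if [ "$#" -ge 1 ]; then
    [ "$#" -eq 1 ] || { echo "usage: $0 NAME" >&2; exit 2; }
    safe_mkdir "$1"
fi
```

The CGI script should still validate the name itself and call sudo with a list of arguments rather than a single shell string, so the wrapper is a second check and not the only one.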