When you execute your script it doesn't matter who owns it (except when using setuid which you can't for scripts anyway). The one thing that maters is who is executing it. So apache will execute the script and it will be considered "others": no permissions.
No, because the perl code (CGI script?) will be executed with the permissions of the apache user. However if you have apache user (or the user of your webserver or whatever is executing your code, if it is a daemon) is in the sudo file then you could do system("sudo cat /etc/shadow"); and that would work.
发布评论
评论(2)
你应该自己尝试一下。要了解它为什么不起作用:
/etc/shadow通常具有如下权限:当您执行脚本时,谁拥有它并不重要(除非使用 setuid ,您可以无论如何,不适用于脚本)。
重要的一件事是谁执行它。因此 apache 将执行该脚本,并且它将被视为“其他”:没有权限。
You should try it yourself. To understand why it doesn't work:
/etc/shadowusually has permissions like this:When you execute your script it doesn't matter who owns it (except when using setuid which you can't for scripts anyway).
The one thing that maters is who is executing it. So
apachewill execute the script and it will be considered "others": no permissions.不,因为perl代码(CGI脚本?)将在apache用户的权限下执行。但是,如果您的 sudo 文件中有 apache 用户(或者您的网络服务器的用户或任何正在执行您的代码的用户,如果它是守护进程),那么您可以执行 system("sudo cat /etc/shadow");那会起作用的。
No, because the perl code (CGI script?) will be executed with the permissions of the apache user. However if you have apache user (or the user of your webserver or whatever is executing your code, if it is a daemon) is in the sudo file then you could do system("sudo cat /etc/shadow"); and that would work.