Execution problem unix commands in Perl CGI

I am trying to run SSH , mkdir and other unix commands using Perl CGI. But i am not able to Execute these commands.
Please help me out !!!!
SSH and mkdir is necessity for me.
I will be thankful to you...!!!!!
I am trying like:
In perl CGI file i am writing like: @list = `ssh username@machinename 'ls /global/directory_name'`;

In what way does it "not work"? What is the code which is "not working"?

From another thread:

---------- Post updated at 10:41 AM ---------- Previous update was at 10:39 AM ----------

Is ssh configured to login without a password, there? You'll probably need to tell it what key files to use with ssh -i /path/to/key. You'll need to give the key the right permissions so the webserver can read it, too.

---------- Post updated at 10:43 AM ---------- Previous update was at 10:41 AM ----------

You may also find it useful to redirect standard error into standard output so you can see error messages from shell programs instead of them all being swallowed by the web server. Unfortunately, while trivial in a shell exec 2>&1 , that's extremely difficult in perl.

---------- Post updated at 10:52 AM ---------- Previous update was at 10:43 AM ----------

"right permissions" so a webserver can read it would probably be 0600 or 0400, owned by apache:root

i am running command like: system("mkdir dirname") and @array= `ssh username@machinename 'ls directoryname'` in demo.pl. which is fine.

If i run the same commands in demo.cgi in web browser then these commands are not working..
PLease help me out...

Your CGI script gets run as the user apache, probably, which isn't you.

This means:

• It won't be running in /home/myusername
• It won't have a decent PATH, so won't find lots of common commands
• It won't have permissions to mkdir /home/myusername/newfolder
• It won't try /home/myusername/.ssh/id_dsa for passwordless logins
• It won't have permission to read /home/myusername/.ssh/id_dsa anyway
• You won't see your error messages since the CGI interface diverts them all into /dev/null
• You may not be able to get them back because perl is extremely bad at redirection

I repeat. system() isn't an alternative to shell scripting. system() is an entire, real shell. System is actually the same shell you were hoping to avoid by using perl!

You are running shell scripts.

You are loading entire bourne shells, running single 'mv file1 file2' commands in them, quitting entire shells, then doing it again, over, and over, and over. You are running, potentially, dozens or hundreds of tiny, individual, shell scripts.

And you're running them in an especially slow, wasteful, and bug-prone way, having to tiptoe around perl to get the raw text you wanted into and out of the shell. You can't even get your error messages!

If you post your perl code, I'll show you how to do it in a shell script, and show you how to do it in a way that will work in CGI.

Buddy i am just doing like:
In Demo.pl #This is working well on the Unix terminal which is fine.
#!/usr/bin/perl
system("mkdir -p /dirname/dirname"); # it is creating directory which is fine.
@array = `username@machine_name 'ls dirname'`; # It is giving list of files available on this directory

In Demo.cgi #this is not working well.
#!/usr/bin/perl
use CGI qw(:standard)
system("mkdir -p /dirname/dirname"); # it is not creating directory which is fine.
@array = `username@machine_name 'ls dirname'`; # It is no tgiving list of files available on this directory
@arr = `ls dirname`; # it is working fine
In Demo.html # in this html i am calling Demo.cgi which is not executing ssh & mkdir
<html><head><title>Demo Form</title></head>
<body><form action="Demo.cgi" method="GET">
Enter some text here:
<input type="text" name="sample_text" size=30><input type="submit"><p></form>
</body></html>

Please Give me any solution what should i do... i am almost pissed off with it.. Plezzz.

---------- Post updated at 11:29 PM ---------- Previous update was at 11:28 PM ----------

I have shown you some piece of code which i need no fix ... please give me some solution.

We are not here 24/7. If you don't get an answer immediately, wait!

Thanks for posting your code. Finally, finally, I can answer some of your questions.

#!/usr/bin/perl
system("mkdir -p /dirname/dirname"); # it is creating directory which is fine.
# ??? Did you forget an 'ssh' in front?
@array = `username@machine_name 'ls dirname'`; # It is giving list of files available on this directory

#!/usr/bin/perl
use  CGI qw(:standard)

# Since you're using system(), which runs inside /bin/sh, you need to
# set a better PATH so the shell can find commands.
$ENV{PATH}="/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin";

# Before apache can write to this directory, you'll need to do this as root:
# chown :apache /dirname
# chmod g+w /dirname
system("mkdir -p /dirname/dirname"); # it is not creating directory which is fine.
# ??? did you forget an 'ssh' in front?
# To run ssh, and get it to work passwordlessly, apache will need access to an id_dsa or id_rsa file somewhere.
# You should create a copy of it and put it somewhere only apache can read.  The file should be owned
# by apache:root.  Then chmod 0400 filename so only apache can read it.  then, when you use ssh, you have to
# tell ssh where it is, like ssh -i /path/to/apache_id_dsa
@array = `username@machine_name 'ls dirname'`; # It is no tgiving list of files available on this directory
@arr = `ls dirname`; # it is working fine

---------- Post updated at 12:24 PM ---------- Previous update was at 12:19 PM ----------

And since your code is nothing but tightly stretched shrinkwrap over 99% shell script, you could also try this CGI script:

#!/bin/sh

PATH="/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin";

# Show error messages.
exec 2>&1 

mkdir -p /dirname/dirname

ssh username@host ls dirname

ls dirname

Exactly the same thing as yours, with the shrinkwrap removed, and error messages preserved.

No I am not forgetting ssh there i am creating directory in local Unix machine.
I didn't get exactly your answer.
# chown :apache /dirname ## i didn't gat apache here what does it means here.
# chmod g+w /dirname
where i have to do these actions :
On terminal or in the .cgi script ?

what is the alternative for SSH. I just want to get list of files from there ???

But what is the username@host at the beginning for? That command won't work.

$ username@machine_name 'ls dirname'
bash: username@machine_name: command not found
$

apache is the file group. apache needs write permissions to the folder to mkdir inside it. so you change the group to apache, and give apache write-access.

In terminal. You only need to do it once.

You don't need an alternative to ssh. You need to give ssh the things it needs to work without a password. It'd also help to run ssh in the first place.

You did get ssh working without a password, yes? If not, you're going to have to do so, because there's no way for a user to interactively type in a password over CGI.

i want to do it via webpage . Is your script would be able to call via .html file ?

---------- Post updated at 12:08 AM ---------- Previous update was at 12:04 AM ----------

one thing i want to ask more. that for SSH . what to do with id_rsa files and how. actually i dont know about this thing.
and where to place and what to place so that apache can read???
Can you give me an example.???

I know you want to do it via webpage. That's why you have to worry about all these permissions -- the script is being run by the webserver, not by you. It can only access things belonging to the apache group or the apache user. It it doesn't have access to your files, folders, or keys. If you make them belong to apache, or create copies belonging to apache, it can access those.

Please answer my questions so I can help you.

Please can you illustrate rsa_id concept so that i can understand what to do????

That depends on what you've done already. Did you set up passwordless SSH for your user, or not?

what is the username@host at the beginning for? That command won't work.

And all the other questions I asked and received no answer for.

I'm not asking questions to piss you off, I'm asking questions because I need the answer to help you. Please answer my questions so I can help you.

Yes yes SSH i forgot....
The exact command is:
@array = `ssh username@machine_name 'ls dirname'`; # It is no tgiving list of files available on this directory
sorry i misunderstood you ques.

Thank you. Now answer my other questions too.

Yes i have done already passwordless access.It means when i run this command on unix terminal it dont for password.
On terminal i run like:
ssh username@machinename 'ls dirname' ##it never promp me for password

Good.

ssh uses your ~/.ssh/id_rsa file to log in without a password. The server you want into compares that with a key you gave it. ssh is extremely particular about who is allowed to read this file -- for your webserver to use it, it needs its own copy that belongs to it and can't be read by anybody else. If it thinks the security is lax enough for the key to be stolen, ssh will refuse to operate passwordlessly.

In a root terminal, do this once:

# Create a safe place for apache to get the key.
mkdir /etc/apache-key
# Make sure it belongs to the web server.
chown apache:apache /etc/apache-key
# Copy the key.
cp /home/username/.ssh/id_rsa /etc/apache-key
# Make it belong to apache and nobody else.
chown apache:apache /etc/apache-key/id_rsa
# Make sure ONLY the apache can read it.
chmod 0400 /etc/apache-key/id_rsa
# Make sure ONLY apache can even get in.
chmod 0700 /etc/apache-key

It might be id_dsa instead of id_rsa, but dsa keys are old now.

Then, in your cgi script, you would run ssh -i /etc/apache-key/id_rsa username@host ls /dir/ and, if everything's where it belongs and has the right permissions, ssh should be able to get in without a password.

buddy i am not sure that i will be able to do these keys operation. So plz give me best commands with little description. i would be very thankful to you.
So after this would i be able to do SCP operation??

---------- Post updated at 12:33 AM ---------- Previous update was at 12:32 AM ----------

yes you are right it is id_dsa .

If you don't have root access, it's going to be difficult to get keys with the right permissions. You might have to ask an administrator to do it for you.

Yes, scp is part of ssh and uses the same keys. scp -i /etc/apache-keys/id_dsa ...

i know root password even.?

---------- Post updated at 12:42 AM ---------- Previous update was at 12:40 AM ----------

is my password will be seen by every one ???

And i know root password even i have sudo access also. Can you illustrate Keys process and commands what i have to do on terminal now buddy ?

What? No. All you're doing is making the right folders and copying the right files into the right place with the right permissions. You do it once, in private, typing it into a root terminal for your webserver. It's not part of your CGI script, and your CGI script itself never needs root.

Sure.

# Create a safe place for apache to get the key.
mkdir /etc/apache-key
# Make sure it belongs to the web server.
chown apache:apache /etc/apache-key
# Copy the key.
cp /home/username/.ssh/id_rsa /etc/apache-key
# Make it belong to apache and nobody else.
chown apache:apache /etc/apache-key/id_rsa
# Make sure ONLY the apache can read it.
chmod 0400 /etc/apache-key/id_rsa
# Make sure ONLY apache can even get in.
chmod 0700 /etc/apache-key