Sudo - Perl extension for running a command line sudo
use Sudo; my $su; $su = Sudo->new( { sudo => '/usr/bin/sudo', sudo_args => '...', username => $name, password => $pass, program => '/path/to/binary', program_args => '...' } ); $result = $su->sudo_run(); if (exists($result->{error})) { &handle_error($result); } else { printf "STDOUT: %s\n",$result->{stdout}; printf "STDERR: %s\n",$result->{stderr}; printf "return: %s\n",$result->{rc}; }
Sudo runs commands as another user, provided the system sudo implementation is setup to enable this. This does not allow running applications securely, simply it allows the programmer to run a program as another user (suid) using the sudo tools rather than suidperl.
Warning: This module does not make your code any more or less secure, it simply uses a different mechanism for running as a different user. This requires a properly configured sudo system to function. It has all the limitations/restrictions of sudo. It has an added vulnerability, in that you may need to provide a plain-text password in a variable. This may be attackable. Future versions of the module might try to address this.
This module specifically runs a single command to get output which is passed back to the user. The module does not currently allow for interactive bidirectional communication between the callee and caller. The module does not spool input into the callee.
The new function creates a new object instance and sets the attributes of the object as presented in a hash form. Relevant attributes are formed as key => value pairs in a hash as follows:
new
Name of the user that will be used to run the command. Equivalent to the -u username option to sudo. Note: You may use #uid rather than the username.
-u username
#uid
Fully qualified path to sudo. No whitespace allowed. This should be a single continuous string with path separators, and should include the sudo binary file name. E.g. under various Linux, this attribute might be set as sudo = '/usr/bin/sudo'>.
sudo =
Any additional sudo arguments you would like to use for the program you are trying to run.
Fully qualified path to program binary you wish to run. No whitespace allowed. This should be a single continuous string with path separators, and should include the program binary file name.
Arguments to pass to program you wish to run.
The run_sudo function first checks the attributes to make sure the minimum required set exists, and then attempts to execute sudo without shell interpolation. You will need to take this into account in case you get confusing failure modes. You may set the debug attribute to 1, 2, or 3 to get progressively more information.
run_sudo
The object will return a hash. The hash will have state information within it. If the C'error' key exists, an error occured and you can parse the value to see what the error was. If the run was successful, C'stdout' key exists, and its value corresponds to stdout output from the program run by sudo. Similarly the C'stderr' key will exist for a successful run, and the value corresponds to stderr output from the program run by sudo. The C"rc" key will also be defined with the programs return code.
I/O currently this is a fancy way to run a command as another user without being suid. Eventually it may evolve to have IO:: goodness, or similar functionality.
sudo(8), perl(1)
Joe Landman, landman@scalableinformatics.com, http://scalableinformatics.com
Copyright (C) 2004 by Scalable Informatics LLC
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8 or, at your option, any later version of Perl 5 you may have available.
To install Sudo, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Sudo
CPAN shell
perl -MCPAN -e shell install Sudo
For more information on module installation, please visit the detailed CPAN module installation guide.