Cfexecute challenge

hi,
here’s a question about resetting files permissions on Ubuntu with cfexecute.
directory: /home/myuser/mydir/myfiles.csv
current file permissions:
root:root *.csv
desired file permissions:
myuser:myuser *.csv
shell command:
chown myuser:myuser /home/myuser/mydir/myfiles.csv
running the above shell command at command prompt works fine.
however, turning it into a shell script named “mysh.sh” containing the following content:
chown myuser:myuser /home/myuser/mydir/myfiles.csv
(then run chmod a+r to set globally executiable )
then run the shell script, it faild to be executed sucessfully,
err msg: “Operation not permitted”
I could “sudo mysh.sh” and then supply root password,
However, I need to execute this shell script via cf’s cfexecute,
that is,

any idea?
thks

Put the sudo in the shell script:

echo <password> | sudo -S chown myuser:myuser /home/myuser/mydir/myfiles.csv

HTH

Side note: This is pretty insecure, obviously. I believe you can encrypt the password and pass the encrypted version to sudo but ymmv.

– Denny

1 Like

@ddspringle thanks for the idea. Yes, indeed I’m concerned about pwd. Just for the hack, how would we encrypt the pwd, I guess some algo that Ubuntu supports natively, would you mind pm me?

1 Like

Thank you, I’ll look into it.

The better way would be to allow the lucee group / user to manipulate the file (s) in question versus passing a password to the environment & hoping you never suffer a beach.

1 Like

Right. How via lucee code?

Why do you need to constantly change permissions on files?

Once permissions are set correctly, there should be no reason to constantly have to update file permissions.

Lets assume Lucee runs as “LuceeAPP” user with the group “LuceeAPP”
Lets assume that Lucee is intergrated with Apache, and Apache runs as “apache” in the group “apache”
Lets assume that “myuser” keeps touching, creating, modifying, downloading or whatever “myfiles.csv”

We will assume that FollowSymlinks is set in Apache configuration and that you are using some Debian version.

as root or sudo

ln -s /var/www/yourVhostorHTML/mydir /home/myuser/mydir/

That creates a link apache can follow and see

Next make sure that lucee, apache can manipulate that directory

usermod -a -G myuser apache
usermod -a -G myuser LuceeAPP

Now run your shell script using the path /yourwebroot/mydir/

1 Like

As for the manipulation of files via Coldfusion / CFML / Lucee

cffile & cfdirectory are the tags you could use.

Lucee docker image. let me think… thanks.