ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I'm not sure what language I should use, although I am thinking PHP. I have numerous scripts on my server that I want to be able to execute remotely via a "staff" website on my website. These are scripts my admin staff need to be able to execute, but I dont want to give them command line access to actually execute them.
What I wanted to do is to place a button for each script on a password protected website, make it log who uses the button to execute the script, and once the button is pressed make a confirmation to execute then if yes actually execute the script. I am going to need some of these scripts to be executed as root, which is a big reason i dont want to give my other admin access to actually execute these scripts.
I am using apache webserver, have php and mysql capabilities, and am on a Suse Linux 9.1 Server.
It's definitely possible with what you have, but I really didn't see a question. Are you asking if you should use PHP. There are going to be positives and negatives to any scripting language and if at all possible, don't run them as root.
I would say there are several downsides to this web-based approach for performing the admin jobs.
First of all, if you want to have a password-protected web direcotry, you may have to use .htaccess. If it is the case, then the security is actually not that great.
Secondly if these users has accounts in Linux already, then you will bear the burden of adding the corresponding login to .htaccess. The passwords will not match on both sides. And you will have the weakness with .htaccess file
Of course, if your users always get authenicated using LDAP it will be an entirely different story.
I think there is a better way: you can allow the user to login a particular machine via ssh. Only from this machine you can execute a certain admin scripts.
Then u have these advantages:
1) ssh is more secure
2) better logging (unlike httpd , where user access record can be buried among numerous other error message)
3) You can modify the /etc/passwd such that they can only use some restricted shell or even a custom-made console menu to let them select an action.
My guess is that he was going web-based so administration would be available from remote locations, but I agree that he will have a host of security related problems. Not too many people care that much about security although they should. My place of work should take a lot more steps for security, but it isn't high priority yet.
Well, I think a custom-made console menu is probably a way to go. It took me some five mins to pull together this scripts...
Here is an example.
In /etc/passwd, says for user abc, we can put
Code:
abc:x:56647:56647::/home/abc:/opt/menu.py
here is the content of /opt/menu.py
Code:
#!/usr/bin/python
import curses
import os
class Command:
def __init__(self, k, d, c):
self.key = k
self.desp = d
self.command = c
def print_menu():
xpos = 0
for v in commands.values():
stdscr.addstr(xpos, 0, "[" + v.key + "] " + v.desp, curses.A_BOLD)
xpos = 1 + xpos
stdscr.addstr(xpos, 0, "[q] quit", curses.A_BOLD)
stdscr = curses.initscr()
curses.cbreak()
curses.noecho()
stdscr.keypad(1) # enable keypad mode
# MODIFY YOUR COMMAND HERE
commands = dict()
commands["1"] = Command("1", "Do A", "./a.sh")
commands["2"] = Command("2", "Do B", "b.sh")
# END
print_menu()
while 1:
c = stdscr.getch()
if c == ord('q') : break
if ( c >= 0 and c <= 255 and commands.has_key(chr(c)) ):
command = commands[chr(c)]
stdscr.addstr(10, 0, "To exec " + command.command + ", sure [y/n]?", curses.A_BOLD)
c = stdscr.getch()
if (c == ord ('Y') or c == ord ('y')):
os.system(command.command)
break
else:
stdscr.clear()
print_menu()
# end the session
curses.nocbreak()
stdscr.keypad(0)
curses.echo()
curses.endwin()
The menu is the interface for your user to choose and confirm. In the sample above, the a.sh and b.sh are the scripts that do the admin job and require root privilege.
When a user, says abc, login remotely via ssh, he/she will see such a screen:
======================================
[1] Do A
[2] Do B
[q] quit
======================================
He can either choose 1, 2 or q in this case.
Other control key should have no effect. Ctrl-D will terminate python and the connection is closed. Eliminate the risk someone may hijack the shell by 'breaking' it.
well, if there is a more secure way to do, we should try our best :-)
What fbfd1338 want to achieve is really bit too risky. I won't like to expose the power of root to the world this way.
Besides, the problem is some smart 'staff' will always exploit this kind of arrangement. I cannot think of any secure way if 1338 insists on doing it web-based...
Anyway it is kinda fun to draw up a python-based solution as above :-)
Thanks for responding...I like your idea with the custom shell, but I never would of thought of that alone. I might give that a whirl, but just for educational purposes now, I am still curious how a web based version of something similar might be done in say PHP. Internal security is not really the issue, I am worried about the others having full access to the shell in root because of their lack of experience in linux I dont want anything broken. I figured if I could have a script run that would do the work for them it wouldn't cause the problems of them trying to remember how to do it and screwing something up. Thanks alot guys for the input.
Problem.....I do everything right, and I know I did it right because on my test server I have done it and it works great. Now I am trying it on my main server, and it appears the Python Module Curses is not installed. Being completely lost when it comes to Python my question is, is there a way to just install the 'curses' module to python?
Little weird here, on my developement machine when I type the command you just gave, I get no result. On my production machine when i run the same command I get this as a result:
python-2.3.3-88.9
apache2-mod_python-3.1.3-37.6
It's not listing anything on my developement server and that is the one it works on?
It is really strange. Maybe you would be better off searching for solution in some python forum/mailing list.
Assuming you are installing both machine using fedora/redhat iso without building python from source yourself. By default the package will install the curses module.
It could be the module search path issue. (python -h for some information)
Just for curiosity sake, can anyone explain some other ways of doing this. Either doing web based like my origional plan or another way of making a custom shell?
You could use bash or any shell you want instead of python to accomplish the same things
but your not enough precise about what task you want to do remotely...
Please post the list of tasks you need so we can see what is the best way to do it
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.