Re: Secure remote shell

---

• From: Steve Bertrand <iaccounts@xxxxxxxxxx>
• Date: Thu, 29 Nov 2007 00:23:45 -0500

---

What other solution would you suggest to execute a shell remotely as
root, that could be automated in a script (no password required).

- have information input into browser
- have web server save information to server disk in non-executable format
- have script (or admin) authenticate/authorize commands to be performed
(recommend doing this manually for a while to ensure you capture as many
escape type bugs as possible)
- have commands via another script scrubbed/cleaned/tested
- have cron perform commands at every X minutes

Dirty, but it works. Just ensure that your input variables are very
clean during the request, and their storage.

All this said, I have an environment that may *semi* relate to what you
are doing.

It appears you are running your mail with sendmail on one box, RADIUS on
another, and perhaps your web interface on yet another. Is this correct?
Perhaps it's all on the same box...

Can you state:

- mail server software
- RADIUS software
- web interface (server) software

...assuming further, the web interface is custom right?

How many users do you have? How many support people? Perhaps you could
mail me off-list to discuss, as myself, and my support staff just went
through this last year, and are just finishing up the details.

Steve
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"

---

• Follow-Ups:
  • Re: Secure remote shell
    • From: Wojciech Puchar
  • Re: Secure remote shell
    • From: Peter Boosten

• References:
  • Secure remote shell
    • From: Olivier Nicole

• Prev by Date: Re: Secure remote shell
• Next by Date: Re: Secure remote shell
• Previous by thread: Re: Secure remote shell
• Next by thread: Re: Secure remote shell
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: design question - web interface for shell script ... The Web server runs as 'nobody' which cannot be modified. ... But the server directory where the script ... web interface could write form imputs to a file. ... the output files get created by 'nobody' in ... (comp.unix.shell) Re: exporting variable from script 1 and using these variables in script 2 ... running the same script on the same server. ... the webserver (depending on the Apache installation nobody, www, webservd ... If run thru the web interface, the user accesses dir2/script2 thru the ... (comp.unix.programmer) Re: Same Internal Server Error from last two days ... I am trying to run a Hello World Perl Script in Apache 2.2. ... But its constantly giving me Internal Server Error.The script ... # have to place corresponding `LoadModule' lines at this location so the ... (perl.beginners) Re: Same Internal Server Error from last two days ... I am trying to run a Hello World Perl Script in Apache 2.2. ... But its constantly giving me Internal Server Error.The script Runs perfectly fine from the command prompt. ... # This is the main Apache HTTP server configuration file. ... LoadModule actions_module modules/mod_actions.so ... (perl.beginners) Same Internal Server Error from last two days ... I am trying to run a Hello World Perl Script in Apache 2.2. ... But its constantly giving me Internal Server Error.The script ... # have to place corresponding `LoadModule' lines at this location so the ... (perl.beginners)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

unix.derkeiler.com  > Mailing-Lists  > FreeBSD  > questions  > 2007-11