Secure remote shell

Peter Boosten peter at boosten.org
Wed Nov 28 22:34:50 PST 2007


On Thu, November 29, 2007 06:23, Steve Bertrand wrote:
>> What other solution would you suggest to execute a shell remotely as
>> root, that could be automated in a script (no password required).
>
> - have information input into browser
> - have web server save information to server disk in non-executable format
> - have script (or admin) authenticate/authorize commands to be performed
>   (recommend doing this manually for a while to ensure you capture as many
>   escape type bugs as possible)
> - have commands via another script scrubbed/cleaned/tested
> - have cron perform commands at every X minutes
>

I once wrote a script for allowing certain persons to add user accounts on
a box:

they just had to create a csv file in a certain place on disk with a
certain name, something like this:

loginname;Full Name;action

where action would be: C (for create new user), D (for delete user), M for
creating a new pair of ssh keys.

A shell script executed from cron every half hour would then pick up that
file and do whatever actions specified in that script.

In the case of OP that file could be created (and transported through ssh)
by the user the web server runs with, while the local root account (if
applicable - in case of LDAP that isn't necessary anyway) does its
thing...

Peter

-- 
http://www.boosten.org
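
A sketch of the validation step such a cron job needs before acting as root on a file written by a less-privileged user. This is an added example, not the script described in the message above; the function names, the field limits and the "OK"/"REJECT" report format are assumptions.

```shell
#!/bin/sh
# Added example: validate spool lines of the form  loginname;Full Name;action
# before a privileged cron job acts on them. Limits and names are assumptions.
LC_ALL=C; export LC_ALL   # make [a-z] ranges byte-exact

# Print "ACTION LOGIN FULLNAME" and return 0 for a well-formed line, else return 1.
validate_line() {
    line=$1
    # Exactly two separators, so exactly three fields.
    seps=$(($(printf '%s' "$line" | tr -cd ';' | wc -c)))
    [ "$seps" -eq 2 ] || return 1
    login=${line%%;*}; rest=${line#*;}
    full=${rest%%;*};  action=${rest#*;}
    # Login: starts with a lowercase letter (never "-"), then [a-z0-9_-], max 16.
    case $login in ''|[!a-z]*|*[!a-z0-9_-]*) return 1 ;; esac
    [ "${#login}" -le 16 ] || return 1
    # Full name: letters, digits, space, dot, hyphen only (no quotes or metacharacters).
    case $full in ''|*[!A-Za-z0-9\ .-]*) return 1 ;; esac
    # Action: only the three letters the message defines.
    case $action in C|D|M) ;; *) return 1 ;; esac
    printf '%s %s %s\n' "$action" "$login" "$full"
}

# Read a spool file and print one "OK ..." or "REJECT line N" per input line.
# Returns 1 if the path is a symlink or not a regular file.
process_spool() {
    spool=$1
    [ ! -L "$spool" ] && [ -f "$spool" ] || return 1
    n=0
    while IFS= read -r entry || [ -n "$entry" ]; do
        n=$((n + 1))
        if parsed=$(validate_line "$entry"); then
            # A real job would dispatch here, passing only the validated fields.
            echo "OK $parsed"
        else
            echo "REJECT line $n"
        fi
    done < "$spool"
}
```

Rejected lines are reported by line number only, so untrusted content is never echoed into the job's mail or logs.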


