
Re: Running root commands by http



On Thu, Aug 23, 2001 at 02:58:23PM +0200, Emmanuel Lacour wrote:
> 
> 	Hi,
> 
> 	I want to get some opinions on doing this:
> 
> Making someone able to create unix users by an http method (from an http browser).
> Making someone able to restart a daemon under the identity of root from http.
> 
> 
> I think about some methods:
> 
> Running a cgi or system() under php
> +
> -use "super" to run the program
> -making the programs needed setuid root (baaaahh)
> -Sending a mail to root containing special headers. A cron will inspect the root mailbox and execute commands as root, or a procmailrc?
> -Another idea more secure??
> 

Sounds like you're getting into doing "normal" remote admin of a box.
But why over HTTP ? If you have network connectivity to it, ssh should
do the job (ssh in as yourself and su/sudo to root?).

If you can get to it via HTTP (e.g. you're behind some company firewall?),
then httptunnel might help. YMMV. But if you can get SSH over HTTP
running, you should be able to use all the existing tools. Better than
writing new tools from scratch...

Failing everything else, you *could* use the email method. I guess that
some (big?) procmail recipe should be able to call a script that:
    - decrypts the mail and verifies that it is *your* signature (you
      weren't going to do things in plaintext, were you?)
    - executes any command
    - sends stdout/stderr back (encrypted again of course).
But doing this for interactive commands would be .... difficult...

<tangent>TCP/IP over email anyone?</tangent>

-- 
Karl E. Jørgensen
karl@jorgensen.com
www.karl.jorgensen.com
"One disk to rule them all, One disk to find them. One disk to bring
 them all and in the darkness grind them. In the Land of Redmond
 where the shadows lie." -- The Silicon Valley Tarot
          Henrique Holschuh

Attachment: pgp541qkap41n.pgp
Description: PGP signature
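
The script a procmail recipe could hand the mail to, as an added example that is not part of the original post: it decrypts with gpg, accepts only a valid signature from one key, and, narrower than the "any command" in the message, maps the request onto a fixed argv for the two tasks from the question. The fingerprint is a placeholder, and the action names, daemon list and command paths are assumptions.

```python
import re
import subprocess

# Assumptions for this sketch: the fingerprint is a placeholder, and the action
# names, daemon list and command paths are illustrative, not from the thread.
ADMIN_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
DAEMONS = {"apache", "exim"}
USERNAME = re.compile(r"[a-z][a-z0-9-]{0,30}")


def gpg_decrypt(blob):
    """Decrypt with gpg; return (plaintext, fingerprints of valid signatures)."""
    p = subprocess.run(["gpg", "--batch", "--status-fd", "2", "--decrypt"],
                       input=blob, capture_output=True)
    if p.returncode != 0:
        return b"", set()
    status = p.stderr.decode("ascii", "replace").splitlines()
    # VALIDSIG's first field is the fingerprint of the key that made the signature.
    fprs = {l.split()[2] for l in status if l.startswith("[GNUPG:] VALIDSIG ")}
    return p.stdout, fprs


def plan(plaintext, signer_fprs):
    """Map a verified request to a fixed argv, or None if it must be refused."""
    if ADMIN_FPR not in signer_fprs:
        return None                      # unsigned, bad signature, or wrong key
    words = plaintext.decode("ascii", "replace").split()
    if len(words) != 2:
        return None                      # exactly "<action> <argument>"
    action, arg = words
    if action == "restart" and arg in DAEMONS:
        return ["/etc/init.d/" + arg, "restart"]
    if action == "adduser" and USERNAME.fullmatch(arg):
        return ["/usr/sbin/useradd", "-m", arg]
    return None


def handle(blob, decrypt=gpg_decrypt, run=subprocess.run):
    """Called with the raw mail body; returns the text to send back."""
    plaintext, fprs = decrypt(blob)
    argv = plan(plaintext, fprs)
    if argv is None:
        return "refused"
    done = run(argv, capture_output=True, text=True)   # argv list: no shell
    return "exit %d\n%s%s" % (done.returncode, done.stdout, done.stderr)
```

A validly signed mail can be delivered twice, so a deployment also needs a replay check (for example a signed timestamp or counter), which this sketch omits along with encrypting the reply.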