creation of a website through which can access Linux server and where can execute some operations like executing scripts, firing up some commands. need some expert guidance with some concepts.just guide me how can i achieve through, i have goggled a lot unable to get the proper concepts or methods. or is it even possible.
Have you considered using something along the lines of VNC or SSH? As JNevill pointed out, either of these methods would be infinitely more secure. Also, consider using something like cron for scheduled jobs.
However, sometimes a webpage for running a program on a server may be acceptable. e.g. IoT project. To do this, you would setup an API page using a back-end language like PHP (recommended if you're using Linux). In the back-end language you would check your user credentials, and then run the command.
Some guidelines in doing this:
Never allow commands to be entered on the webpage, only allow tasks to be completed using controlled inputs like buttons, selectboxes and sliders. i.e. a button to get an Arduino to close your garage door, or a slider to dim/brighten a light bulb, or a button to start a program to index something, etc.
None of these "command buttons" should ever do anything harmful. i.e. delete a folder or file.
Related
Let's state a situation:
I have the possibility to run arbitrary commands on a server as an unprivileged user, through "unconventional means".
I do not have the possibility to login using ssh to that server, either as my unprivileged user or anything else. So I do not have currently a CLI allowing me to run any commands I would like in a "normal" way.
I can ping that server and nothing prevents me to connect to arbitrary ports.
I still would like to have a command line to allow me to run arbitrary command as i wish on that server.
Theoretically nothing would prevent me to launch any program as my unprivileged user, including one that would open a port, allow some remote user to connect to it and just forward any commands to bash, returning the result. I just don't know any good program to do that.
So, does any one know? I looked at ways to launch ssh_server as an unprivileged user but some users reported that recent versions of ssh_server do not allow that anymore. Actually I don't even need ssh specifically, any way to get a working CLI would do the trick. Even a crappy node.js program launching an http server would work, as long as I have a CLI (... and it's not excessively crappy, the goal is to have a clean CLI, not something that bugs every two characters).
In case you would ask why I would like to do that, it's not related to anything illegal ^^. I just have to work with a very crappy Jenkins server for which I'm not allowed to have direct access to its agents. Whoever is responsible for that server doesn't give a sh** about its users' needs so we have to use hacky solutions just to have some diagnostic data about that server (like ram, cpu and disk usage, installed programs, etc...). Having a CLI that I can launch some time instead of altering a build configuration and waiting 20 minutes to have an answer about what's going on would really help.
Thanks in advance for any answer.
So do you have shell access to the server at least once? E.g., during the single day of the month when you are physically present at the site of your client or the outsourcing contractor?
And if you have shell access then, can you or your sysmin install Cockpit?
It listens on port 9090.
You can then use the credentials of your local user and open a terminal window in your browser. See sidebar item "Terminal" on the screenshots of the cockpit homepage.
According to the documentation
Cockpit has no special privileges and doesn’t run as root. It creates a session as the logged in user and has the same permissions as that user.
In what environment should I write the code for the telegram bot so that it works even when the console is not running?
I tried to write code in an online environment, but when I turn it off, the bot does not work.
This depend from the OS you are using (es. Windows, Ubuntu 18.04 etc.), and also from which programming language and which version of it you are using (es. "python 3.6").
If you want to have the code always available to be executed, you need to put the script or the scripts in a server (a dedicated computer) always turned on,you can rent one online or you can do it and set up one by yourself , but this need some knowledge before, and depends on which kind of things you want from your server.
If you're still in the early stage of the bot-development i suggest you to use your localhost or local environment in general to test your work, in this way you can focus to one thing at time , useful especially in your first experiences in developing and coding. If it's not strictly necessary i would focus at one thing at time to learn better step by step.
Sorry about the really ambiguous question, I really have no idea how to word it though hopefully I can give you more detail here.
I am developing a project where a user can log into a website and book a server to run a game for a specific amount of time. When the time is up the server stops running and the players on the server are kicked off. The website part is not a problem, I am doing this in PHP and everything works. It has a calendar system to book a server and can generate config files based on what the user wants.
My question is what should I use to run the specific game server on the linux box with those config files at the correct time? I have got this working with bash scripts and cron, but it seems very un-elegant. It literally uses FTP to connect to the website so it can download all the necessary config files and put them in a folder for that game and time. I was wondering if there was a better way of doing this. Perhaps writing a program in C, but I am not sure how to go about doing this.
(I am not asking for someone to hold my hand and tell me "write this code here", just some ideas of a better way of approaching this problem)
Thanks so much guys!
Edit: The webserver is a totaly different machine. I would theoreticaly like to have more than one game server where each of them "connects" (at the moment FTP) to the webserver, gets a file saying what it has to do at a specific time and downloads any associated files then disconnects.
I think at is better suited for running one time jobs than cron.
For a better approach for the downloading files etc, you should give more details on your setup (like, the website and the game server, are they on the same machine? Or the same network? etc etc.
You need a distributed task scheduler. With that, you can:
Schedule command "X" to be run at a certain time.
Specify the machine (or ask it to pick a machine from a pool of available machines)
Webserver would send request to this scheduler via command line or via web service when user selects a game server and a time.
You can have a look at : http://www.acelet.com/super/SuperWatchdog/index.html
EDIT :
One more option :http://jobscheduler.sourceforge.net/
I have never tried modifying a web browser but is it possible to embed a program as a DOM element?
The simplest example would be to take that stupid Calculator program in Start>Applications and just place it in the top left hand corner of the browser. I don't need it to communicate with the browser, just sit there and be interactive.
What I really need is ssh access via a terminal (ie. Putty or Linux command line) but I don't want to use Anyterm or Ajaxterm which is incredibly slow. Similarly I don't want to force the user to open a new terminal. Although functionally it would be the same, it doesn't look or feel the same.
I'm sure there's a way to do this, I just have no idea where to start looking.
Cheers
In principle, it is possible. You would use some program which will be executed by some browser plugin (or other browser-specific mechanism) - or do this fully in JavaScript.
Possible mechanisms would be Flash (which will be executed by the browser's Flash plugin), or a Java applet (which will normally be executed by the Java plugin, though some browsers (like Konqueror) have their own way of embedding Java applets).
For client SSH access with a terminal, done in Java, an almost ready solution would be JCTerm, together with JSch (both from JCraft).
I have a UI app (uses GTK) for Linux that requires to be run as root (it reads and writes /dev/sd*).
Instead of requiring the user to open a root shell or use "sudo" manually every time when he launches my app, I wonder if the app can use some OS-provided API to get root permissions. (Note: gtk app's can't use "setuid" mode, so that's not an option here.)
The advantage here would be an easier workflow: The user could, from his default user account, double click my app from the desktop instead of having to open a root terminal and launch it from there.
I ask this because OS X offers exactly this: An app can ask the OS to launch an executable with root permissions - the OS (and not the app) then asks the user to input his credentials, verifies them and then launches the target as desired.
I wonder if there's something similar for Linux (Ubuntu, e.g.)
Clarification:
So, after the hint at PolicyKit I wonder if I can use that to get r/w access to the "/dev/sd..." block devices. I find the documention quite hard to understand, so I thought I'd first ask whether this is possible at all before I spend hours on trying to understand it in vain.
Update:
The app is a remote operated disk repair tool for the unsavvy Linux user, and those Linux noobs won't have much understanding of using sudo or even changing their user's group memberships, especially if their disk just started acting up and they're freaking out. That's why I seek a solution that avoids technicalities like this.
The old way, simple but now being phased out, is GKSu. Here is the discussion on GKSu's future.
The new way is to use PolicyKit. I'm not quite sure how this works but I think you need to launch your app using the pkexec command.
UPDATE:
Looking at the example code on http://hal.freedesktop.org/docs/polkit/polkit-apps.html, it seems that you can use PolicyKit to obtain authorization for certain actions which are described by .policy files in /usr/share/polkit-1/actions. The action for executing a program as another user is org.freedesktop.policykit.exec. I can't seem to find an action for directly accessing block devices, but I have to admit, the PolicyKit documentation breaks my brain too.
So, perhaps the simplest course of action for you is to separate your disk-mangling code that requires privileges into a command-line utility, and run that from your GUI application using g_spawn_[a]sync() with pkexec. That way you wouldn't have to bother with requesting actions and that sort of thing. It's probably bad practice anyway to run your whole GUI application as root.
Another suggestion is to ask the author of PolicyKit (David Zeuthen) directly. Or try posting your question to the gtk-app-devel list.