On 18.10.2013 15:35, Pol Hallen wrote: > Howdy :-) > > I searching for what is the way to create a gui interface for my scripts > ("security web-gui"). > > So, a script could be something like this (execute by root user): > > #!/bin/bash > # pr.sh > /etc/postfix reload > > So, I must create a gui do "reload postfix service"
/bin/sh will be a little less load on the system, not that it matters. I would put the script in /usr/local/sbin or something like that, owned by root and not writable by anyone else. Then add a line in /etc/sudoers that allows www-data to run just that script and without any options. %www-data ALL=(ALL) NOPASSWD: /usr/local/sbin/postfix_reloader "" The "" is important because it disallows any other parameters, not that your script should use them. > I can write a php script like this: > > <?php > $output = shell_exec('/root/bin/.pr.sh'); > echo "<pre>$output</pre>"; > ?> > > But I'm afraid about security issue I've also ssl on apache web. > > What is the best way to create a "web security gui"? Using post/put > apache commands? using php code? > > Thanks for help! The easiest thing is to make sure there no user-submitted data can be passed on to the system and no system output can be passed on directly to the user. Use if-then statements, case statements, and even scrubbing via regex if it is necessary to pass data. Also, if these are maintenance scripts, you might want to put them behind TLS and a password http://httpd.apache.org/docs/2.2/howto/auth.html Ignore guides that tell you to put authentication in .htpassword. That advice is for people without access to the web server's configuration file. Regards, /Lars -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/52612e96.5040...@gmail.com