10-22-2010, 01:22 PM
|
#1
|
Member
Registered: May 2010
Posts: 87
Rep:
|
web interface to some shell command
Hi all,
I want to create, for my private use, a simple web interface to manage some easy tasks (useradd, userdel, passwd, etc.).
I have some basic knowledge of PHP; how can I realize this? PHP as module or CGI? Which is better in this case?
Thank you
|
|
|
10-22-2010, 02:30 PM
|
#2
|
LQ Guru
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS, Manjaro
Posts: 6,357
|
web interface to some shell command
Better in this case is to implement webmin.
If unfamiliar, google for it.
We use it a lot!
|
|
|
10-22-2010, 03:13 PM
|
#3
|
LQ Veteran
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
|
From a security standpoint, you really don't want to implement root-level commands in a web interface unless you do like Webmin did and create a completely separate server infrastructure for it. Having your normal web server capable of accessing root-level commands is just asking for trouble.
|
|
|
10-23-2010, 12:31 PM
|
#4
|
Member
Registered: May 2010
Posts: 87
Original Poster
Rep:
|
Quote:
Originally Posted by Hangdog42
Having your normal web server capable of accessing root-level commands is just asking for trouble.
|
Ok, but my web server is not world-accessible from Internet!
It's only for testing / studying
|
|
|
10-24-2010, 04:55 AM
|
#5
|
LQ Newbie
Registered: Dec 2008
Location: NP
Posts: 28
Rep:
|
Quote:
Originally Posted by skoinga
Ok, but my web server is not world-accessible from Internet!
It's only for testing / studying
|
Boss,
CGI scripting is also best but
Go for PHP programming. And add .htaccess restriction and other firewall / TCP wrapper securities to access those .php pages.
http://phpterm.sourceforge.net
Google through it. You can get it.
Last edited by abhandari; 10-24-2010 at 04:58 AM.
|
|
|
10-24-2010, 08:01 AM
|
#6
|
LQ Veteran
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
|
Quote:
Originally Posted by skoinga
Ok, but my web server is not world-accessible from Internet!
It's only for testing / studying
|
As long as you realize that this kind of access isn't acceptable in the real world. Either CGI or PHP will do what you want, but you'll likely have to look into using sudo to get the commands to execute.
|
|
|
10-24-2010, 11:37 AM
|
#7
|
Member
Registered: Aug 2008
Posts: 86
Rep:
|
Hi there,
I was involved in the creation of a web based front end for a third party telephony system (*Asterisk) running on Linux.
Here are some code snippets ...
if(strstr($ID, 'dhcp'))
{
    if($ID == 'dhcp_1') // DHCP
        $command = '/usr/bin/sudo /usr/sbin/rcdhcpd start'; // /etc/init.d/dhcpd GENERIC
    else if($ID == 'dhcp_2')
        $command = '/usr/bin/sudo /usr/sbin/rcdhcpd stop';
    else
        $command = '/usr/bin/sudo /usr/sbin/rcdhcpd restart';

    // run command
    exec($command);

    // run status check
    exec('/usr/bin/sudo /usr/sbin/rcdhcpd status', $output, $return_var);
}

// another snippet
$command = 'rm -rf ' . $temp_folder;
exec($command);

// write to socket (authentication)
if($socket)
{
    fputs($socket, "Action: Login\r\n");
    fputs($socket, "UserName: " . ASTERISK_UNAME . "\r\n");
    fputs($socket, "Secret: " . ASTERISK_SECRET . "\r\n");
    fputs($socket, "Events: off\r\n\r\n");

    // loop through output from Asterisk
    $authentication_flag = false;
    while ($buf = fread($socket, 512))
    {
        if(feof($socket))
            break;
        if(strstr($buf, "Response: Success"))
        {
            $authentication_flag = true;
            break;
        }
        if(strstr($buf, "END COMMAND"))
            break;
    }

    if($authentication_flag == false)
    {
        echo 'No Asterisk !';
        die();
    }
}
Is this poor practice ?
If so, then I would be curious to know how web hosting companies provide web front ends to their linux based web hosts.
Surely they too must be running root commands using sudo ....
Any ideas ?
regards,
Steven Matthews
|
|
|
10-24-2010, 06:44 PM
|
#8
|
LQ Veteran
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
|
Quote:
Is this poor practice ?
If so, then I would be curious to know how web hosting companies provide web front ends to their linux based web hosts.
Surely they too must be running root commands using sudo ....
|
I think the answer to this depends upon how they've implemented the front end and how sudo is used. If they have limited sudo access to the commands needed to administer the system, then they probably have an acceptable risk. The thing they should be defending against is someone compromising the web server and then having system access as that user. If they've given blanket sudo privileges, then there is the potential for real trouble. In your first snippet, you're using sudo to run rcdhcpd. If your sudoers file limits the web user's access to just that command, then it is probably OK. Someone compromising the web server would only have root access to rcdhcpd, which hopefully won't allow them to escalate.
|
|
|
11-07-2010, 03:52 AM
|
#9
|
Member
Registered: Aug 2008
Posts: 86
Rep:
|
Hi again,
Web development has progressed more and more into the realm of web applications where LAMP technologies are really being taken to their limit.
I would like to know more about how linux servers can be configured and how to communicate with 3rd party backend tools (like Asterisk, see snippets above) BOTH using a web interface. For example CISCO devices like routers can be configured from web pages and the commonly used Plesk panel (Web Hosting Control Panel) offers considerable opportunity for backend manipulation.
Short of using the sudoers file and opening socket connections what other avenues exist and what would be considered the most secure ?
regards,
Steven Matthews
|
|
|
11-07-2010, 06:35 AM
|
#10
|
LQ Veteran
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
|
Quote:
I would like to know more about how linux servers can be configured and how to communicate with 3rd party backend tools (like Asterisk, see snippets above) BOTH using a web interface. For example CISCO devices like routers can be configured from web pages and the commonly used Plesk panel (Web Hosting Control Panel) offers considerable opportunity for backend manipulation.
|
The problem isn't the use of a web interface for doing admin work, the problem is keeping the admin work separated from the "normal" work such that a compromise of the normal activities doesn't allow access to the admin functions. Look at Webmin as an example. It has a reasonable web interface for lots of admin work, but it is completely and totally separated from the normal Apache stack. Webmin uses its own server and runs under a different user. Similarly the CISCO interface is intended only for admin work, and there isn't the ability to use a router as a general purpose web server. Where people get into trouble is when they try to use the normal LAMP stack to do admin functions. There is one thread around here where the sysadmin gave the apache user full root rights so that he could run a couple of admin commands in a web interface. That means that if the LAMP stack gets compromised (say through a poorly written PHP site), the attacker now has full root privileges and essentially owns the machine.
|
|
1 members found this post helpful.
|
11-08-2010, 12:18 AM
|
#11
|
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.x
Posts: 18,443
|
As per Hangdog, some stuff like CISCO or Cups (Linux printer daemon) actually don't use the std full Apache server.
Instead, they include a mini webserver in their own code ie a daemon that listens on a nominated port (eg 10000 for webmin, cups port 631 http://en.wikipedia.org/wiki/CUPS ) which can only run as that user and only run the cmds reqd by that SW.
There's nothing to stop you faking up a very restricted webserver; the user can't tell the difference so long as it looks / behaves like Apache within a limited realm.
Last edited by chrism01; 11-16-2010 at 10:59 PM.
|
|
|
11-13-2010, 07:25 AM
|
#12
|
Member
Registered: Aug 2008
Posts: 86
Rep:
|
Thanks for all your useful comments ...
RE Better in this case is to implement webmin.
I wonder how web hosting companies are able to run linux commands from their web interfaces. A common interface is 'Plesk panel' (Web Hosting Control Panel) which offers a whole lot of functionality from creating sub domains to creating new databases which I assume require root privileges. Do they too use their own bespoke restrictive web servers ?
I created a web front end for third party software (Asterisk server) using sudoers file and sockets connections ....
How could I have integrated webmin into this system ?
Can webmin be integrated with Apache for admin tasks ?
regards,
Steven Matthews
|
|
|
11-13-2010, 08:36 AM
|
#13
|
LQ Veteran
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
|
Quote:
Originally Posted by ksmatthews
I wonder how web hosting companies are able to run linux commands from their web interfaces. A common interface is 'Plesk panel' (Web Hosting Control Panel) which offers a whole lot of functionality from creating sub domains to creating new databases which I assume require root privileges. Do they too use their own bespoke restrictive web servers ?
|
If you do some research into things like Plesk or cpanel, you will find an awful lot of security problems with this kind of approach. However, in the examples you cited, you can actually do most of those tasks without root privileges. Let's look at subdomains. As long as you can edit the relevant apache config file, you can do the work necessary to add them. You could solve this by having those files owned by a non-root group that has read/write privileges. The only place where you would need root privileges is to restart the server, and that can be handled by sudo that allows the user to run just apachectl (or an appropriate script) as root.
Mysql is a different case. Those users are completely different from system users and have nothing in common (except maybe the name). And in Mysql, the ability to create a database can be granted to normal mysql users, and doesn't require system root privileges.
Quote:
I created a web front end for third party software (Asterisk server) using sudoers file and sockets connections ...
|
It depends upon how you used the sudoers file. If you gave the web user blanket sudo permissions, that is an extraordinarily bad idea. If you limited them to just the commands they needed to run/modify Asterisk, then it might be OK. Really the question to be asking is what happens if the front-end gets compromised? Does that give the attacker root privileges or do they have to find ways to escalate? Also in this case, could an attacker get access to Asterisk and give themselves free calling without having to escalate to root?
Quote:
How could I have integrated webmin into this system ?
|
If standard webmin doesn't have the needed functions, there are modules available, or you can write your own module.
|
|
|
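The restricted-sudo arrangement described in posts #8 and #13, applied to the rcdhcpd snippet from post #7, as an added example that is not code from any poster in this thread. The account name `wwwrun`, the `dhcp_3` ID, and the function and constant names are assumptions; the array form of `proc_open` needs PHP 7.4 or later.

```php
<?php
// Added example (not from the thread). Assumed sudoers drop-in, checked with
// `visudo -cf <file>`; `wwwrun` is an assumed name for the web-server account:
//
//   wwwrun ALL=(root) NOPASSWD: /usr/sbin/rcdhcpd start, /usr/sbin/rcdhcpd stop, \
//                               /usr/sbin/rcdhcpd restart, /usr/sbin/rcdhcpd status
//
// The blanket form the replies warn against would instead be:
//   wwwrun ALL=(ALL) NOPASSWD: ALL

// Request IDs map to fixed argument vectors, so request data never becomes
// part of a command line. 'dhcp_3' is a hypothetical ID for the restart case.
// `sudo -n` fails instead of prompting if the sudoers rule does not match.
const DHCP_ACTIONS = [
    'dhcp_1' => ['/usr/bin/sudo', '-n', '/usr/sbin/rcdhcpd', 'start'],
    'dhcp_2' => ['/usr/bin/sudo', '-n', '/usr/sbin/rcdhcpd', 'stop'],
    'dhcp_3' => ['/usr/bin/sudo', '-n', '/usr/sbin/rcdhcpd', 'restart'],
];
const DHCP_STATUS = ['/usr/bin/sudo', '-n', '/usr/sbin/rcdhcpd', 'status'];

// Run a fixed argv directly, without /bin/sh, and collect output and exit code.
function run_fixed(array $argv): array
{
    $spec = [
        0 => ['file', '/dev/null', 'r'], // no stdin for the child
        1 => ['pipe', 'w'],              // capture stdout
        2 => ['redirect', 1],            // fold stderr into stdout
    ];
    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        return ['exit' => -1, 'out' => 'proc_open failed'];
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    return ['exit' => proc_close($proc), 'out' => $out];
}

// Unknown IDs are rejected instead of falling through to a default command.
function handle_dhcp_request(string $id): array
{
    if (!array_key_exists($id, DHCP_ACTIONS)) {
        return ['exit' => -1, 'out' => 'unknown action'];
    }
    $result = run_fixed(DHCP_ACTIONS[$id]);
    $result['status'] = run_fixed(DHCP_STATUS);
    return $result;
}
```

With the restricted rule, a compromised web account can reach only the four listed rcdhcpd invocations as root; any other `sudo` call from that account is refused and logged by sudo.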