Re: Secure Web-Based Administration

From: Glynn Clements (glynn.clements@virgin.net)
Date: 01/21/03

  • Next message: konold@erfrakon.de: "Re: Secure Web-Based Administration" 
    From: Glynn Clements <glynn.clements@virgin.net>
Date: Tue, 21 Jan 2003 09:47:30 +0000
To: "Ryan" <ryan@vbnet.net>

    Ryan wrote:

    > I would like to create some web pages/scripts (probably using PHP since I
    > use it for a lot of other things) to assist me in administering my linux
    > machine. What are some ways that I can execute certain administrative
    > commands (such as ifconfig,iwconfig,route,scripts in my /etc/init.d/
    > directory, etc...) as root?
    > I'm fairly familiar with the different access-control methods available to
    > me to restrict access to these pages. I will definitely be using SSL with
    > a self-signed certificate. I'm just not sure how to get my web server
    > (which doesn't run as root and I want to keep it that way) to execute
    > these commands with superuser privileges.

    If you're absolutely determined to provide root access via a web
    server, it would be a good idea to run a completely separate httpd
    process for this purpose, rather than adding the functionality to a
    "public" web server.

    The secure server should only accept SSL (https) connections, and
    should not include any functionality (e.g. modules) which aren't
    essential for the intended purpose. It should have completely separate
    ServerRoot and DocumentRoot directories from the normal server. Any
    additional restrictions which can reasonably be imposed (e.g. source
    IP address) should be.

    As to the specific question of how to perform operations which require
    root privilege from a server that isn't running as root, you basically
    have two options.

    1. Forward the requests to another process which is running as root.
    2. The Unix Set-UID mechanism.

    In this situation, I suspect that option 2 would be preferable, as
    there is more scope for a process to perform validation checks upon
    its parent process than upon the other end of a communcation channel.

    Specifically, look into the SuEXEC module; this is intended for a very
    similar purpose (allowing CGIs to run with a UID which differs from
    that of the web server). However, one of its security features is that
    it refuses to run as root, so you would have to remove this check if
    you wish to use it for this purpose. 

    -- 
Glynn Clements <glynn.clements@virgin.net>

    Relevant Pages

    • RFX Networks/ RackAdmin.com ALERT
      ... below was posted to some security websites. ... | in security and scalable server management on varying levels. ... Got Root? ... Your Server login ID is: ...
      (comp.os.linux)
    • RFX NETWORKS ALERT
      ... below was posted to some security websites. ... | in security and scalable server management on varying levels. ... Got Root? ... Your Server login ID is: ...
      (alt.linux)
    • Solaris Sparc 9 12/3 Core ./installer failing due Java?
      ... system SUNWadmr System & Network Administration Root ... system SUNWapchd Apache Web Server Documentation ... system SUNWapchu Apache Web Server (usr) ... system SUNWaudd Audio Drivers ...
      (comp.unix.solaris)
    • core install of Solaris 9 (sparc) package list can be trimmed ?
      ... This is a server that will have very specific reasons ... system SUNWadmr System & Network Administration Root ... system SUNWeu8os American English/UTF-8 L10N For OS Environment User Files ... system R SUNWfcip Sun FCIP IP/ARP over FibreChannel Device Driver ...
      (comp.unix.solaris)
    • [Full-Disclosure] RFX Networks
      ... | in security and scalable server management on varying levels. ... | monitor to take action during situations of service failure. ... Got Root? ... Your Server login ID is: ...
      (Full-Disclosure)