Need advice on web-based administration
Results 1 to 7 of 7

Thread: Need advice on web-based administration

  1. #1
    Senior Member roswell1329's Avatar
    Join Date
    Jan 2002
    Posts
    670

    Need advice on web-based administration

    As an systems administrator for a large company, one of my major jobs is automating smaller jobs whenever possible. I've recently been involved in creating several monitoring tools for all the systems my team and I monitor, and linking them to a single internal website. We've even added a few scripts that do some simple chores on each system remotely from the website.

    I also administer an online document warehousing application (on several servers) that allows customers to view reports from a GUI client. On the server side, there are several command-line tools that allow the administrator to create users/folders/groups/etc. for the server from the command-line without having to use the GUI.

    I've been thinking about adding a section to the website that would allow certain users (managers) to input information about users/folders/groups/etc., and have a website CGI create a simple shell script compiled from their requests using the command-line tools. The website's CGI would then move the script over to the correct application server, and place it in a "holder" directory. A daemon running (as the application's admin user) on the designated server would monitor the holder directory for incoming new scripts to run, and run any scripts owned by a specific user when they arrive.

    This kind of automation would greatly limit the number of frivolous tasks my team performs for this application, but I'm really uncomfortable about writing a daemon that would run as the admin user, and execute any script placed in a specific directory, just because it's owned by a specific user. Can anyone else suggest a better solution for this kind of remote administration? The remote servers do not have web servers running on them, so I can't link to a separate CGI running on the designated server.
    /* You are not expected to understand this. */

  2. #2
    Senior Member
    Join Date
    Jul 2002
    Posts
    167
    You might want to play around with webmin (http://webmin.com) and see what you can come up with. You can put users into groups and give them customer commands if necessary to limit there access. Good luck.

  3. #3
    Senior Member roswell1329's Avatar
    Join Date
    Jan 2002
    Posts
    670
    Thanks for the suggestion, detoxsmurf, but the users/groups/folders I was speaking of were part of the online document warehousing application I mentioned. It uses authentication to grant users access to view certain sensitive documents. I'm gonna have to code something custom.

    I'm thinking that my idea might be securely implemented if I used some kind of encrypted string for verification that the daemon can check to make sure it's executing a valid script.
    /* You are not expected to understand this. */

  4. #4
    Shadow Programmer mmelby's Avatar
    Join Date
    Jul 2002
    Location
    Ft. Myers, FL
    Posts
    291
    You did not mention what type of servers you were running. There is an open source project called TWiki that allows user collaboration through the web. It was created by a team in Motorola. The link is

    http://www.open-mag.com/9143483279.htm
    Work... Some days it's just not worth chewing through the restraints...

  5. #5
    Senior Member roswell1329's Avatar
    Join Date
    Jan 2002
    Posts
    670
    Thanks mmelby -- I don't think TWiki is what I'm looking for in this case. TWiki is more of a content management system for modifying web content. I'm trying to build a system that will modify the configuration of an application running on a system other than the web server. Like this:

    (User) == request ==> (web server) == CGI processed request ==> (application server)

    The web-server and the application server are 2 totally separate machines.
    /* You are not expected to understand this. */

  6. #6
    Banned
    Join Date
    Aug 2002
    Posts
    35
    i really don't know anything about codeing or scripting or any lanuage other than english. i would suggest though for you to encrypt it. it you are worried that someone will send you an app that will disable your comp/server then you should put some kind of heavy encription on it. it makes sense to me.

  7. #7
    Senior Member roswell1329's Avatar
    Join Date
    Jan 2002
    Posts
    670
    Thanks, HavangerSr, that's good advice, although I'm not running a user-created script. The CGI merely needs to take in a few pieces of information, and then it can create the rest of the script on it's own. For example, to create a folder in this application the user must supply a folder name and a description. I would provide a web-form that asks the user for the folder name, the folder description they want to use, and the server to add it to. The CGI program would then interrogate the responses for any kind of weird/illegal characters, and then create a shell script that would look something like this:

    #!/bin/sh
    /usr/local/bin/application_add_tool -folder "user supplied folder name" "user supplied desc"

    It would then transfer this file to the appropriate server, and a program running on the application server would watch for any new scripts added by the CGI program every 15 or 20 minutes. If a new script exists, it would run the shell script and the changes would be made.

    My problem is I would like any suggestions people have on making this process more secure, or perhaps any suggestions to change the process. I added above that I would probably want to add some sort of encrypted string to the shell script that the daemon program running on the application server could decipher to make sure the script is valid. Any other ideas?
    /* You are not expected to understand this. */

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •