PerlMonks  

Re^2: Perl terminal access to linux server

by Polyglot (Friar)
on Sep 22, 2021 at 10:59 UTC ( #11136951=note )


in reply to Re: Perl terminal access to linux server
in thread Perl terminal access to linux server

Sorry if my intent was unclear. By "terminal access" I mean "command prompt" of the sort usually accessed by some form of shell terminal, e.g. bash, csh, etc. I have no need for, nor interest in, going back to the days of modems. I just want to execute privileged commands on the server.

Blessings,

~Polyglot~

Replies are listed 'Best First'.
Re^3: Perl terminal access to linux server
by afoken (Canon) on Sep 22, 2021 at 19:59 UTC
    By "terminal access" I mean "command prompt" of the sort usually accessed by some form of shell terminal, e.g. bash, csh, etc.

    Some ways to get a command prompt on a Linux machine:

    • Virtual terminal a.k.a. console, i.e. keyboard and monitor connected to the machine. Linux emulates one or more VT100 derivatives, and you can use keyboard shortcuts (typically Alt plus one of the F-keys) to switch between the terminals.
    • Real terminal, e.g. the original VT100, or just about any other computer running a terminal emulator, connected to one of the serial ports of the Linux machine. On an x86-derived PC, typically not enabled by default. Other hardware, especially servers and embedded hardware, may use a serial port for the console.
    • Terminal emulator (xterm and friends) displayed on an X11 or Wayland server ("Graphics mode"). Typically not available on servers.
    • Telnet via any TCP/IP connection. Not encrypted, password transmitted as plain text, insecure and thus typically not enabled by default.
    • Remote shell via any TCP/IP connection. Not encrypted, password often transmitted as plain text, insecure and thus typically not enabled by default.
    • SSH via any TCP/IP connection. Encrypted, secure with recent encryption protocols, can use public keys instead of passwords.
    • Remote code execution exploits in existing server implementations. Rarely legal, not always reliable, and often not encrypted.

    I just want to execute privileged commands on the server.

    You don't necessarily need a command prompt for that. Most privileged commands on Linux can run fine without a command prompt.

    To execute unprivileged commands, just use fork, exec, and wait, or one of the wrappers (qx, system, ``, pipe open, ...). That's not even specific for Perl, almost all languages running on Linux can start other processes.

    And to run privileged commands, just use sudo. Yes, sudo needs to be configured, and the documentation for its config file was probably the inspiration for the right-hand side of https://xkcd.com/1343/, but it allows a very precise control over who is given privileged access, to which programs, and even the parameters passed to the programs can be restricted. Running sudo is trivial. Just execute sudo instead of the privileged command, and pass the privileged command and all of its parameters as parameters to sudo.

    When running CGIs or SSI from Apache, you can alternatively use suEXEC. suEXEC is sufficiently paranoid, but not as flexible as sudo. And it explicitly prevents running code as root.

    <Update>Just for inspiration: Webmin routinely runs privileged commands from a webserver. Unfortunately, it does so by simply NOT dropping privileges when starting the webserver, so everything runs as root. See Building a web-based system administration interface in Perl and especially Re: Building a web-based system administration interface in Perl for a better way; and Best way to write to a file owned by root? for some paranoid file handling when running with elevated privileges.</Update>

    Alexander

    --
    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
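
An added example, not part of afoken's post or of any code in this thread: the sudo approach described above, run from Perl with the list form of system so no shell is involved, next to a sudoers rule that pins both the program and its parameters. The unit names, the www-data account and the binary paths are assumptions for illustration.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. Unit names, account and paths are assumptions.
use strict;
use warnings;

# Matching sudoers rule (edit with visudo), assuming the web server runs as
# www-data. Only these exact command lines are permitted, without a password:
#   www-data ALL=(root) NOPASSWD: /usr/bin/systemctl restart myapp.service, \
#                                 /usr/bin/systemctl restart myworker.service

my $SUDO      = '/usr/bin/sudo';
my $SYSTEMCTL = '/usr/bin/systemctl';
my %ALLOWED   = map { $_ => 1 } qw(myapp.service myworker.service);  # hypothetical units

# Build the argument list for one permitted privileged command.
sub restart_argv {
    my ($unit) = @_;
    die "unit not allowed\n" unless defined $unit && $ALLOWED{$unit};
    # -n: fail instead of prompting for a password (a CGI has no terminal).
    return ($SUDO, '-n', '--', $SYSTEMCTL, 'restart', $unit);
}

# Run it with the list form of system(): the arguments go straight to exec,
# so nothing in them is ever interpreted by a shell.
sub run_privileged {
    my @argv = @_;
    local $ENV{PATH} = '/usr/sbin:/usr/bin:/sbin:/bin';   # fixed PATH for the child
    my $rc = system { $argv[0] } @argv;
    die "cannot start $argv[0]: $!\n" if $rc == -1;
    die sprintf("killed by signal %d\n", $? & 127) if $? & 127;
    return $? >> 8;   # exit status of sudo or of the command it ran
}

# Constructed sample input: the second unit is rejected before sudo is reached.
for my $unit ('myapp.service', 'sshd.service') {
    my @argv = eval { restart_argv($unit) };
    if (!@argv) { print "rejected '$unit': $@"; next }
    if (@ARGV && $ARGV[0] eq '--run') {
        printf "exit status %d\n", run_privileged(@argv);
    } else {
        print "would run: @argv\n";   # default is a dry run
    }
}
```

Without arguments the script only prints what it would execute; with `--run` it calls sudo, which refuses anything the sudoers rule does not list even if the Perl-side allowlist were bypassed.
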
Re^3: Perl terminal access to linux server
by salva (Canon) on Sep 22, 2021 at 16:30 UTC
    I think your intention is still not clear.

    Could you describe in detail the interaction you expect from the user accessing that web site?
