Best practices for a Linux web front-end

Time: 2022-07-28 01:31:06

I want to build a web based front-end to manage/administer my Linux box. E.g. I want to be able to add users, manage the file system and all those sorts of things. Think of it as a cPanel clone but more for system admin rather than web admin.

I was thinking about creating a service that runs on my box and that performs all the system-level tasks. This way I can have a clear separation between my web based front-end and the actual logic. The server pages can then make calls to my specialized server or queue tasks that way. However, I'm not sure if this would be the best way to go about this.

I guess another important question would be, how I would deal with security when building something like this?

PS: This is just a pet project and learning experience so I'm not interested in existing solutions that do a similar thing.

2 solutions

#1


1  

Have the specialized service daemon running as a distinct user -- let's call it 'managerd'. Set up your /etc/sudoers file so that 'managerd' can execute the various commands you want it to be able to run, as root, without a password.

Have the web server drop "trigger" files containing the commands to run in a directory that is mode '770' with a group that only the web server user and 'managerd' are members of. Make sure that 'managerd' verifies that the files have the correct ownership before executing the command.

Make sure that the web interface side is locked down -- run it over HTTPS only, require authentication, and if at all possible, put in IP-specific ACLs, so that you can only access it from known locations, in advance.

#2


1  

Your solution seems like a very sensible solution to the 'root' issue.

Couple of suggestions:

  1. Binding the 'specialised service' to localhost as well would help to guarantee that requests can't be made externally.

  2. Checking that requests call functions that perform the actions and do not directly give the service full unrestricted access. So calling a function "addToGroup(user,group)" instead of a generic "performAction(command)".
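
An added example, not part of either answer above: a sketch of the 'managerd' side that combines the ownership check on trigger files from answer #1 with the named-function allow-list from answer #2. The JSON trigger format, the `load_trigger` and `add_to_group` names, and the `/usr/sbin/usermod` path are assumptions made for illustration.

```python
import json
import os
import re
import stat

# Assumed for this example: JSON trigger files and this one-entry allow-list.
NAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")  # also rejects a leading '-'


def add_to_group(args):
    """Return the fixed argv for adding a user to a group; no shell involved."""
    if not isinstance(args, dict) or set(args) != {"user", "group"}:
        raise ValueError("addToGroup takes exactly 'user' and 'group'")
    for value in args.values():
        if not isinstance(value, str) or not NAME_RE.fullmatch(value):
            raise ValueError(f"invalid name: {value!r}")
    # The usermod path is an assumption; match it to the sudoers entry for 'managerd'.
    return ["sudo", "-n", "/usr/sbin/usermod", "-aG", args["group"], args["user"]]


ACTIONS = {"addToGroup": add_to_group}  # anything not listed is refused


def load_trigger(path, web_uid, max_bytes=4096):
    """Validate one trigger file and return the argv managerd would run."""
    # O_NOFOLLOW refuses a symlink placed in the shared directory.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)  # check the opened file, not the path (no TOCTOU gap)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("trigger is not a regular file")
        if st.st_uid != web_uid:
            raise PermissionError("trigger is not owned by the web server user")
        if st.st_mode & stat.S_IWOTH:
            raise PermissionError("trigger is world-writable")
        if st.st_size > max_bytes:
            raise ValueError("trigger too large")
        raw = os.read(fd, max_bytes)
    finally:
        os.close(fd)
    request = json.loads(raw)
    if not isinstance(request, dict):
        raise ValueError("trigger must be a JSON object")
    action = request.get("action")
    handler = ACTIONS.get(action) if isinstance(action, str) else None
    if handler is None:
        raise ValueError("unknown action")
    return handler(request.get("args"))
```

The returned list is meant to be passed to `subprocess.run` without `shell=True`, so the validated names reach `usermod` as separate arguments.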
