Topic: simple web page to restart some sme services

[Jáder]

We're change ERP software and new guys ask for root access to MY server... no way.
So I discovered they need to restart Postgre, Java and other daemons after update their software.

I think I should create a web page to do that... so I google for it and came to something like this in cgi-bin of one password protected ibay (or even on primary if security is not a concern):

Code: [Select]

[root@guepardo cgi-bin]# cat rs.cgi
#!/bin/bash
echo "Content-type: text/html"
echo ""
echo "<html><head><title>Interface ERP guys"
echo "</title></head><body>"
echo "<h1>Interface @ server $(hostname -s)</h1>"
echo ""
echo "<h1><a href="renicia-bd.cgi">restart BD Postgres</a></h1>"
echo ""
echo "<h1><a href="reinicia-apache.cgi">restart Apache</a></h1>"
echo ""
echo "<h1><a href="reinicia-apache.cgi">restart JAVA</a></h1>"
echo ""
echo "</body></html>"

simple, very simple.
and I created .cgi files (with +x permission):

Code: [Select]

[root@guepardo cgi-bin]# cat reinicia-apache.cgi
#!/bin/bash
echo "Content-type: text/html"
echo ""
echo "<html><head><title>Interface ERP guys"
echo "</title></head><body>"
service httpd-e-smith restart
echo "</body></html>"

but it do not work, give me the error:

Code: [Select]

Restarting httpd-e-smith warning: /service/httpd-e-smith: unable to open supervise/ok: access denied [FAILED] warning: /service/httpd-e-smith: unable to open supervise/ok: access denied
So it appears to be trying to run command and having permission issues.
I know this MUST be possible... but would not like to try 100s of permissions to find out what I have to change!

Could someone post the single fix (I bet it's a simple chmod) to this error?
Thanks

Jáder

[cactus]

I doubt it is something with chmod. I think it has to do that the www/apache user is not allowed to perform the desired actions and can not find the files in the path.
IIRC the www/apache user is configured in a very strict permission scheme to prevent exploits like you are trying to use.

[Stefano]

my 2c:

start from http://www.dungog.net/wiki/Usermanager#User_Manager contrib, create a panel for the needed functions and create the needed events.. you can find more info on dev's manual..

this is the only way to do things in the SME's way
good luck

[janet]

jader

Here is another possibility, or possibilities.

Many years ago (2004 - 2005) Darrell May created an rpm
e-smith-service-control-1.1.0-06.noarch.rpm

Maybe you could tweak that to do what you want, and then make it accessible via the user manager contrib.

If you cannot find it by searching, I have the old rpm & src rpm.

I also wonder whether the sme7admin contrib, now sme8admin contrib would do what you want or could be made to do what you want.

Also many years ago, Dungog had a contrib that added an icon to the Windows desktop to start (and stop) the dial up modem service, I forget the exact details, but it was before the days of broadband, so you might want to ask Stephen at dungog.net for help re "how to do it".

[Jáder]

I doubt it is something with chmod. I think it has to do that the www/apache user is not allowed to perform the desired actions and can not find the files in the path.
IIRC the www/apache user is configured in a very strict permission scheme to prevent exploits like you are trying to use.

hehehe... I know that's a bad practice... but it's requested at least for a while.
I'm sure a prefer this than allow someone else to have shell access to my server.

Just to let you to know: they request I open port 5432 (postgre) to web with default user/password: hehehehe... great security concerns!
No way I'll EVER let them TOUCH the SME shell.

[Jáder]

(...)
Many years ago (2004 - 2005) Darrell May created an rpm
e-smith-service-control-1.1.0-06.noarch.rpm

hum... that would be nice... I just thought that would be MUCH simpler...

I also wonder whether the sme7admin contrib, now sme8admin contrib would do what you want or could be made to do what you want.

I'll look at it... but I dont have too many hopes on this bet.

Also many years ago, Dungog had a contrib that added an icon to the Windows desktop to start (and stop) the dial up modem service, I forget the exact details, but it was before the days of broadband, so you might want to ask Stephen at dungog.net for help re "how to do it".

I'll try to talk to Stephen... lastly.

I also think about to create my own actions on SME (or just one:  restart 3 services at one button) and allow web page to call that action.
I presume this is possible because it's the way server-manager uses.

EDIT: I think event it's ADJUST-SERVICES from /etc/e-smith/events/actions
 
EDIT2:
 /etc/e-smith/events/actions/adjust-services actions restart httpd-e-smith

This would restart apache??!?!
Any colateral effects I'm not aware ?