通过Web界面修改系统配置文件和使用系统命令
我最近收到了一个项目,我想知道如何以正确且安全的方式做某事。
情况如下:
有管理linux用户、mysql用户和数据库以及apache虚拟主机的类。它们用于在小型共享托管环境中自动添加用户。然后,在命令行脚本中使用这些类,为系统管理员提供良好的界面。
我现在被要求构建一个简单的 Web 界面,为管理员提供 GUI,然后直接向用户提供一些功能(更改他们的 UNIX 密码和其他日常程序)。
我不知道如何实现网络应用程序。它将在 Apache 中运行(使用 apache 用户),但类需要访问只能由 root 用户使用的文件和命令来进行必要的更改(例如 useradd 和虚拟主机配置文件)。使用命令行脚本时,这不是问题,因为它们在正确的用户下运行。向 apache 用户授予权限可能会很危险。
通过 Web 应用程序实现此目的的最佳技术是什么?如果可能的话,我想直接使用这些类(这比调用外部进程和解析输出等命令行脚本更方便),但我不知道如何以安全的方式执行此操作。
我看到现有的产品在做类似的事情(webmin,eBox,...),但我不知道它是如何工作的。
PS:我收到的课程很简单,但编程非常糟糕,而且几乎没有评论。它们实际上是用 PHP 编写的,但我计划将它们移植到 python 中。然后我想使用 Django 框架来构建 Web 管理界面。
如果问题不够清楚,谢谢并抱歉。
编辑:我读了一些关于 webmin 的内容,发现它使用自己的迷你 Web 服务器(称为 miniserv.pl)。这似乎是一个很好的解决方案。运行该服务器的用户应该有权修改文件和使用命令。我怎样才能用 Django 做类似的事情?使用开发服务器?使用像 CherryPy 这样的东西会更好吗?
I received a project recently and I am wondering how to do something in a correct and secure manner.
The situation is the following:
There are classes to manage linux users, mysql users and databases and apache virtual hosts. They're used to automate the addition of users in a small shared-hosting environnement. These classes are then used in command-line scripts to offer a nice interface for the system administrator.
I am now asked to build a simple web interface to offer a GUI to the administrator and then offer some features directly to the users (change their unix password and other daily procedures).
I don't know how to implement the web application. It will run in Apache (with the apache user) but the classes need to access files and commands that are only usable by the root user to do the necessary changes (e.g useradd and virtual hosts configuration files). When using the command-line scripts, it is not a problem as they are run under the correct user. Giving permissions to the apache user would probably be dangerous.
What would be the best technique to allow this through the web application ? I would like to use the classes directly if possible (it would be handier than calling the command line scripts like external processes and parsing output) but I can't see how to do this in a secure manner.
I saw existing products doing similar things (webmin, eBox, ...) but I don't know how it works.
PS: The classes I received are simple but really badly programmed and barely commented. They are actually in PHP but I'm planning to port them to python. Then I'd like to use the Django framework to build the web admin interface.
Thanks and sorry if the question is not clear enough.
EDIT: I read a little bit about webmin and saw that it uses its own mini web server (called miniserv.pl). It seems like a good solution. The user running this server should then have permissions to modify the files and use the commands. How could I do something similar with Django? Use the development server? Would it be better to use something like CherryPy?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
你好
您可以使用符合 WSGI 的 Web 框架(例如 CherryPy2)和模板引擎(例如 Genshi)在 Python 中轻松创建 Web 应用程序。您可以使用“子进程”模块来管理外部命令...
Hello
You can easily create web applications in Python using WSGI-compliant web frameworks such as CherryPy2 and templating engines such as Genshi. You can use the 'subprocess' module to manadge external commands...
您可以使用 sudo 向 apache 用户授予仅执行 Web 应用程序所需的命令/脚本的 root 权限。
You can use sudo to give the apache user root permission for only the commands/scripts you need for your web app.