Beefy Boxes and Bandwidth Generously Provided by pair Networks
We don't bite newbies here... much
 
PerlMonks  

(jeffa) Re: Run arbitrary UNIX commands on webserver without telnet

by jeffa (Chancellor)
on Oct 30, 2001 at 20:59 UTC ( #122133=note: print w/ replies, xml ) Need Help??


in reply to Run arbitrary UNIX commands on webserver without telnet

This sounds like a job for SOAP. Also notice the use of the lookup table - instead of allowing the user to send arbitrary commands, only allow them a handlful of tokens that you consider safe:

package RPC; sub new { my $proto = shift; my $class = ref($proto) || $proto; my $self = { ls => 'ls -la' top => 'top -b -n1' who => 'w' }; return bless $self, $class; } sub exec { my ($self,$cmd) = @_; $cmd = $self{$cmd} || return "bad command\n"; `$cmd`; }
Take a gander at SOAP::Lite for more info, also check out $code or die's review on the module.

Update: I should mention that if you actually want the user to be able to have 'state', then you need to add sessions - check out Apache::Session. For example, if the user issues 'cd /' and then 'pwd' - the result of the 'pwd' will show that they are back at their home directory, and not root.

But, if they need that - then you really should just use ssh. :)

jeffa


Comment on (jeffa) Re: Run arbitrary UNIX commands on webserver without telnet
Download Code
Re: (dmm): Run arbitrary UNIX commands on webserver without telnet
by dmmiller2k (Chaplain) on Oct 30, 2001 at 23:26 UTC

    I can see this discussion has somehow gone off on a tangent.

    This approach was NOT (repeat: NOT) ever meant for USERS to see, much less use.

    It is, temporarily, a way to:
    • find out the cwd (e.g., by running 'pwd'), for example, in order to install some script you got from somewhere that needs to know where it is installed,
    • unpack a gzipped tarball you just FTP'ed onto a site ('zcat whatever.tar.gz|tar -xvf -'),
    • determine the version of perl you're running ('perl -V')
    • etc.

    Once again, this is not for users. It is for me, the developer!

    dmm

    
    You can give a man a fish and feed him for a day ...
    Or, you can teach him to fish and feed him for a lifetime
    
      Ah, okay - i see the difference now. But remember this, it is for you AND anyone who hacks your packets while you run this.

      jeffa

      You can give a man a fire and warm him for a day . . .
      or you could set the man on fire and keep him warm for a lifetime

      (quote stolen from boo_radley)

        touché

        dmm

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://122133]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others taking refuge in the Monastery: (6)
As of 2015-07-05 08:13 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (61 votes), past polls