Date:      Thu, 29 Nov 2007 00:23:45 -0500
From:      Steve Bertrand <iaccounts@ibctech.ca>
To:        Olivier Nicole <on@cs.ait.ac.th>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Secure remote shell
Message-ID:  <474E4CE1.6060809@ibctech.ca>
In-Reply-To: <200711290428.lAT4SOLd065598@banyan.cs.ait.ac.th>
References:  <200711290428.lAT4SOLd065598@banyan.cs.ait.ac.th>

> What other solution would you suggest to execute a shell remotely as
> root, that could be automated in a script (no password required).

- have information input into browser
- have web server save information to server disk in non-executable format
- have script (or admin) authenticate/authorize commands to be performed
(recommend doing this manually for a while to ensure you capture as many
escape type bugs as possible)
- have commands via another script scrubbed/cleaned/tested
- have cron perform commands at every X minutes

Dirty, but it works. Just ensure that your input variables are very
clean during the request, and their storage.

All this said, I have an environment that may *semi* relate to what you
are doing.

It appears you are running your mail with sendmail on one box, RADIUS on
another, and perhaps your web interface on yet another. Is this correct?
Perhaps it's all on the same box...

Can you state:

- mail server software
- RADIUS software
- web interface (server) software

...assuming further, the web interface is custom, right?

How many users do you have? How many support people? Perhaps you could
mail me off-list to discuss, as my support staff and I just went
through this last year, and are just finishing up the details.

Steve
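
The queue-and-cron flow listed in the message above, as an added example that is not part of the original e-mail: the web server writes each request as an inert JSON file, and a cron job validates it against an allowlist before running a fixed command with no shell involved. The spool layout, the action names, the `pw` commands and the username pattern are assumptions made for illustration.

```python
import json
import pathlib
import re
import subprocess

# Assumed allowlist (hypothetical actions): fixed argv prefix plus one regex per field.
USERNAME = re.compile(r"[a-z][a-z0-9_]{0,15}")  # leading letter: "-h" cannot pass as an option
ALLOWED = {
    "lock_user": (["/usr/sbin/pw", "lock"], {"user": USERNAME}),
    "unlock_user": (["/usr/sbin/pw", "unlock"], {"user": USERNAME}),
}

def build_argv(raw: bytes) -> list:
    """Turn one queued request (inert JSON bytes) into an argv list, or raise ValueError."""
    if len(raw) > 512:
        raise ValueError("request too large")
    try:
        req = json.loads(raw.decode("ascii"))
    except ValueError:  # covers UnicodeDecodeError and JSONDecodeError
        raise ValueError("not ASCII JSON")
    if not isinstance(req, dict) or set(req) != {"action", "args"}:
        raise ValueError("unexpected structure")
    action, args = req["action"], req["args"]
    if not isinstance(action, str) or action not in ALLOWED:
        raise ValueError("action not allowlisted")
    prefix, fields = ALLOWED[action]
    if not isinstance(args, dict) or set(args) != set(fields):
        raise ValueError("unexpected arguments")
    argv = list(prefix)
    for name, pattern in fields.items():
        value = args[name]
        if not isinstance(value, str) or not pattern.fullmatch(value):
            raise ValueError("bad value for " + name)
        argv.append(value)
    return argv

def process_spool(spool, run=subprocess.run):
    """Cron entry point: handle every *.req file once, never through a shell."""
    results = {}
    for path in sorted(pathlib.Path(spool).glob("*.req")):
        try:
            argv = build_argv(path.read_bytes())
            run(argv, check=True)  # list argv: no shell ever parses the values
            results[path.name] = argv
            path.rename(path.with_suffix(".done"))
        except (ValueError, OSError, subprocess.CalledProcessError) as exc:
            results[path.name] = "rejected: %s" % exc
            path.rename(path.with_suffix(".bad"))
    return results
```

Renaming each file to `.done` or `.bad` instead of deleting it leaves a record of what was requested and what was refused, which supports the manual review period the message recommends.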


