Linux web interface best practices

I want to create a web interface to manage / administer my Linux box. For example, I want to be able to add users, manage the file system and all that kind of stuff. Think of it as a cPanel clone, but more for the sysadmin rather than the web admin.

I was thinking about creating a service that runs on my box and that does all the system level tasks. This way I can have a clear separation between my web interface and the real logic. Server pages can make calls to my dedicated server or queue tasks this way. However, I'm not sure if this would be the best way to do it.

I think another important question is, how would I deal with security when creating something like this?

PS: It's like a pet project and learning experience, so I'm not interested in existing solutions that do a similar thing.

2 answers


Have the custom service daemon run as a separate user; call it "managerd". Set up the /etc/sudoers file so that "managerd" can execute the various commands you want, so that they can be run as root without a password.

Have the web server drop "trigger" files containing the commands to run into a directory that is mode "770", with a group that includes only the web server users and "managerd". Make sure "managerd" checks that the files have the correct ownership before running the command.



Make sure the web interface side is locked down: run it over HTTPS only, require authentication, and if possible put in IP ACLs so that you can only access it from locations known beforehand.



Your solution seems to be a very reasonable solution to the "root" problem.

A few suggestions:



  • Binding the "specialized service" to localhost will also help ensure that requests cannot be made from the outside.
  • Expose functions that perform specific actions rather than providing full, unrestricted access to the service. That is, call a function such as "addToGroup(user, group)" instead of a general "performAction(command)".
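The two answers combine into one daemon-side check, shown here as an added example that is not code from either answer: "managerd" verifies a trigger file's ownership before acting on it, and dispatches only named actions such as addToGroup. The JSON trigger format, the name pattern, and the `sudo -n gpasswd -a` command are assumptions made for illustration.

```python
import json, os, re, stat, tempfile

# Conservative pattern for account and group names (assumption, tighten to local policy).
NAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")

def add_to_group(user, group):
    """Return the fixed argv for one narrow action; nothing from the file reaches a shell."""
    for value in (user, group):
        if not isinstance(value, str) or not NAME_RE.fullmatch(value):
            raise ValueError(f"invalid name: {value!r}")
    # The sudoers rule for managerd would permit only this exact command.
    return ["sudo", "-n", "gpasswd", "-a", user, group]

ACTIONS = {"addToGroup": add_to_group}  # allowlist; there is no generic performAction

def load_trigger(path, expected_uid):
    """Validate one trigger file and return the argv managerd would execute."""
    # O_NOFOLLOW rejects a symlink planted in the spool; O_NONBLOCK avoids hanging on a FIFO.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    try:
        st = os.fstat(fd)  # check the opened descriptor so the file cannot be swapped afterwards
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        if st.st_uid != expected_uid:
            raise PermissionError("trigger file not owned by the web server user")
        if st.st_mode & stat.S_IWOTH:
            raise PermissionError("trigger file is world-writable")
        raw = os.read(fd, 4096)
    finally:
        os.close(fd)
    request = json.loads(raw)
    if not isinstance(request, dict) or not isinstance(request.get("args"), dict):
        raise ValueError("malformed request")
    handler = ACTIONS.get(request.get("action"))
    if handler is None:
        raise ValueError("unknown action")
    return handler(**request["args"])

def demo():
    """Constructed sample: a trigger file written by the current user into a temp spool."""
    with tempfile.TemporaryDirectory() as spool:
        path = os.path.join(spool, "req.json")
        with open(path, "w") as f:
            json.dump({"action": "addToGroup",
                       "args": {"user": "alice", "group": "www-data"}}, f)
        os.chmod(path, 0o660)
        return load_trigger(path, expected_uid=os.getuid())

if __name__ == "__main__":
    print(demo())
```

In a real deployment `expected_uid` would be the web server account's UID, and the returned argv would be passed to `subprocess.run` without `shell=True`.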






