I am working on a web interface that allows users to run programs on a Linux machine and appeal to the smarter minds on here for some help.

Summary

My intention is to create a web environment (behind a login) where webusers input or modify basic information stored in a MySQL database served via PHP scripts. Once the webuser submits the input data, it is written to a MySQL database, and a bash script is generated with the data then executed to run several programs in sequence on the Linux box.

The goal is to prevent inexperienced users from having to SSH into the Linux machine and edit text files manually to run certain software. The MySQL database is meant to store webuser info and data for each case they create.

The Trouble

I need some help on how to proceed from a security and functionality standpoint:

The Problem

shell_exec() executes a bash script as the apache user which does not have the proper environment to execute the programs. This issue is described here with no (clear) resolution.

The Concerns

  1. I cannot SSH into user apache to handle back-end administration of these cases. This is where executing the scripts as another user would be beneficial.

  2. The shared back-end account is executed by every webuser meaning any data written could potentially be exposed to every webuser, which is not good; but I'm not sure of the extent of the security implications here.

The Analysis

  • I feel that creating sessions using ssh2_exec() to execute the bash scripts on the back-end would alleviate the issue with #1 above. However, I don't want the webuser to have to maintain a persistent connection since some scripts may take hours to run. If they are connected, feedback on the progress is required, but they should be free to leave at any time.

  • I figure I can avoid any issues with data access on the back-end by just splitting up cases into subdirs by webuser or a var in the MySQL database. Say I save data in a dir-structure like /CASES/webuser#/case# or similar, then restricting webuser access to only their own subdir. Does this seem feasible?

Questions

  • Is either ssh2_exec() or shell_exec() better for what I'm attempting to accomplish?

  • Is there a better method to separate and secure data on the back-end from different webusers?

  • Could I perhaps initialise a ssh2_connect() session when the user logs in so I can feed them updates, then terminate it when they manoeuvre away from the site? Would they have to manually log out when leaving to sever the connection?

Thanks for having a look, and for any help.
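
The per-webuser directory layout and the "free to leave at any time" requirement described in the question, as an added example that is not part of the original post. The names `CASES_ROOT`, `caseDir`, `startCase`, `caseProgress`, `run.sh` and `progress.log` are assumptions, and the job still runs as the web server user.

```php
<?php
// Added example. All names here are hypothetical; only the /CASES/webuser#/case# layout is from the post.
const CASES_ROOT = '/CASES';

// Resolve /CASES/<webuser>/<case> and refuse anything outside that webuser's subtree.
// $webuserId must come from the authenticated session, never from request input.
function caseDir(int $webuserId, int $caseId, string $root = CASES_ROOT): string
{
    if ($webuserId < 1 || $caseId < 1) {
        throw new InvalidArgumentException('ids must be positive integers');
    }
    $userRoot = realpath("$root/$webuserId");
    if ($userRoot === false) {
        throw new RuntimeException('webuser directory does not exist');
    }
    // realpath() resolves symlinks and "..", so the prefix check sees the real location.
    $dir = realpath("$userRoot/$caseId");
    $prefix = $userRoot . DIRECTORY_SEPARATOR;
    if ($dir === false || strncmp($dir, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('case directory is outside the webuser subtree');
    }
    return $dir;
}

// Start the generated script detached so the HTTP request returns at once.
// Every path is shell-quoted; output goes to a log inside the case directory.
function startCase(int $webuserId, int $caseId): int
{
    $dir = caseDir($webuserId, $caseId);
    $cmd = sprintf(
        'nohup bash %s > %s 2>&1 & echo $!',
        escapeshellarg("$dir/run.sh"),
        escapeshellarg("$dir/progress.log")
    );
    return (int) trim((string) shell_exec($cmd)); // PID of the background job
}

// Return the tail of the log so a page can poll progress without a persistent connection.
function caseProgress(int $webuserId, int $caseId, int $maxBytes = 4096): string
{
    $log = caseDir($webuserId, $caseId) . '/progress.log';
    if (!is_file($log)) {
        return '';
    }
    $offset = max(0, filesize($log) - $maxBytes);
    return (string) file_get_contents($log, false, null, $offset);
}
```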
