Answer the question
In order to leave comments, you need to log in
J
J
juffinhalli2012-05-11 15:00:18
juffinhalli, 2012-05-11 15:00:18
Tip for a teapot - how to run a sh script on the server through a browser?
Good evening habrazhiteli!
There is a Debian server.
It contains a sh script that outputs the results of the work to a text file.
The file can always be viewed in the browser, because it is shared using Lighttpd.
The script is executed via cron every hour and, accordingly, the data in the textbook is always slightly outdated.
1. Recommend a recipe so that the script runs only when opened in a browser and displays the actual execution results immediately on the page. The progress bar is highly desirable.
2. How safe is it?
PS I dare to suggest that this is done through cgi scripts, my knowledge is not enough for further. I'm not familiar with the Web.
11 answer(s)
@pomeo
@inkvizitor68sl
@Nastradamus
@miraage
@NanoDragon
@Eddy_Em
And this CGI was launched with such a form:
@Eddy_Em
@foxmuldercp
P
pomeo, 2012-05-11 @pomeo
somehow difficult options were advised here. CGI is correct, it's in that direction. How it is configured will have to be read in the lighttpd docs, it may already work.
Throw the test.cgi file into the cgi directory with chmod +x
and open http://site/cgi/test.cgi in the browser , if everything is fine.
Everything is fine with security, too, I don’t see any problems how a shell script differs from any other php, rb, py, etc.
#!/bin/bash
echo "Content-type: text/html" #или text/plain и любое другое
echo ""
echo "<h1>test</h1>"
V
Vlad Zhivotnev, 2012-05-11 @inkvizitor68sl
There are no problems with security in general (if you approach the script itself wisely). Well, it's better to remove basic auth.
Google tags - apache bash cgi run.
N
Nastradamus, 2012-05-11 @Nastradamus
From PHP:
<?php
$e = "/usr/bin/nohup /home/vasya/scripts/run_build.sh > /dev/null 2>&1 &";
shell_exec("$e");
php?>
M
Mikhail Osher, 2012-05-11 @miraage
Almost all web-based PLs have functions like system(), exec(), which in turn make it clear what they are doing.
From here you dance. I would file authentication before running the script.
N
NanoDragon, 2012-05-11 @NanoDragon
It's completely safe if done right.
It is possible instead of lighttpd. Run node. www.nodebeginner.ru/
Or, as an option, attach a script engine (php) to the web server.
E
Eddy_Em, 2012-05-11 @Eddy_Em
At first, I myself did CGI only on the bash (but in a small locale it still more or less worked, and then I still had to think about security - CGI began to be written in C).
Here is a simple example (dictionary).
dict.cgi:
#!/bin/sh
addw()
{
echo "<form action="/cgi-bin/addaword" method=POST>\
The translation of <b><input size=20 name="word" value="\"$word\""></b> is <input name="trans" size=50>"
echo "<input type=submit value=\"Add the word\"></form>"
}
ud="../html/Dictionary/userdict.txt"
eval `./convert`
echo -e "Content-type: text/html\n"
cat header.txt
echo "<body>"
if [ "$word" = "" ]; then
tr="Please, enter a word"
else
tr=`cat $ud|grep -i " $word "`
tr1=`cat ../html/Dictionary/Dictionary.txt|grep -i "^$word:"`
tr2=`cat ../html/Dictionary/Dictionary.txt|grep -i "$word"`
tr3=`cat ../html/Dictionary/kara4.dic| grep -i "$word"`
fi
if [ "$pass" = "eddy" ]; then
tmp="/tmp/dic.cgi.$$"
cat $ud | grep -v " $word " > $tmp
rm $ud
cp $tmp $ud
rm $tmp
addw
exit
fi
if [ "$tr" != "" -o "$tr1" != "" -o "$tr2" != "" -o "$tr3" != "" ]; then
if [ "$tr1" = "" ]; then
if [ "$tr2" = "" ]; then
tr1="The word is absent"
else
tr1="$tr2"
fi
fi
if [ "$tr" = "" ]; then tr="The word is absent"; fi
echo "<div style=\"text-align: center; height: 100%\"><pre>"
echo "<big><b>Карачаевский:</b></big><hr width=30%>"
echo "$tr3" | sed "s/$word/<b><font color=red>$word<\/font><\/b>/g"
echo "<hr size=5px>
<big><b>Английский:</b></big><hr width=30%>"
echo "$tr1" | sed "s/$word/<b><font color=red>$word<\/font><\/b>/g"
echo "</pre></div>"
else
echo "Такого слова я, увы, не знаю..."
fi
echo "</body>"
And this CGI was launched with such a form:
<form name="main" action="/cgi-bin/dict.cgi" method="POST" target="client">
<b>Ваше слово:</b>
<input name="word" size="50">
<input type=submit size="2" value="Перевести">
</form>
E
Eddy_Em, 2012-05-11 @Eddy_Em
And there is such a thing (although I don’t know if other web servers, besides Apache, support it) - SSI. We run CGI on the server (at least a bash script, at least something else) and substitute the output in html. Because this thing is server-side (i.e. executed before the page reaches the user), with a lot more security than running CGI with a GET or POST request.
N
Nikolai Turnaviotov, 2012-05-13 @foxmuldercp
Here I have a list of files dynamically generated in the current directory in the index.php file, because if there is no index.php / htm9l directory) 403 is issued
. I suspect that you can display anything you want by dynamically issuing it
<?php
$bad_files = array('index.php');
if ($handle = opendir('.')) {
echo '<table width="2" border="2" cellspacing="2" cellpadding="3">';
while (false !== ($file = readdir($handle))) {
if ($file[0] == '.') {
continue; // skip dot-files
}
if (in_array($file, $bad_files)) {
continue; // skip 'bad' files
}
if (is_dir($file)) {
$file .= '/';
}
echo "<tr><td><a href=\"$file\">$file</a></td></tr>";
}
echo '</table>';
closedir($handle);
} else {
echo 'Error';
}
Similar questions
K
M
V
D
E
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question