Can't sudo in the web console


#1

This limits its its usability.

for example:
sudo setdisk will blow through the setdisk utility without prompting for a user however it works via a ssh session.

You can’t sudo su - , etc.

Thanks!
-RX


#2

I wouldn’t use the web console for much more than basic directory building and/or navigation of system files. It is not a fully fledged console at this time. It will take a good amount of work still to get it to that phase as there are several issues that it has. Once it is closer in the pipeline and we have all these random issues resolved, that will be another item on the plate to muscle into working form. The goal is to have it secured and stable enough to present it to not only the master account, but any additional users as well.


#3

One of the major issues is that if you type whoami at the console, you’ll realize you’re logged into the shell as www-data. We are working very hard not to introduce vulnerabilities that would allow a non-master user to gain root control of the box – giving www-data full sudo access would certainly fit that bill.

I am not entirely certain if it is possible to run a web script that is displayed by apache by any user other than www-data…

However, I just tested this out: Any of the commands in visudo that are granted to www-data with nopasswd can be run from the webconsole, i.e systemctl restart [email protected], etc.


#4

Have you looked at just using shell in a box?


I was playing with it on a local system and I could log into it as root on my slack system.


#5

maybe make this a suggestion see how many people would like to see this option integrated into quickbox.


#6

That is pretty cool @RXWatcher! I’ll see about implementing that instead.


#7

systemd scripts: http://pkgs.fedoraproject.org/cgit/rpms/shellinabox.git/tree/