What is the most sane way to run this script securely?
If you really care about security, require the web client to provide a passphrase and use an ssh key. Then run the script under `ssh-agent`, and for the sensitive parts do `ssh root@localhost command...`. You probably will want to create ssh keypairs just for this purpose, as typing one's normal SSH passphrase into a web form is not something I would do (who trusts your web form, anyway?).
If you don't want quite this much security, and if you really, really believe that your web form can correctly authenticate its users, without any bugs, you could instead decide to trust the web server to run the commands you need. (I wouldn't.) In this case I would use the `/etc/sudoers` file to allow the web server to run the commands of interest without providing a password. Then your script should use `sudo` to run those commands.
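
Added example, not part of the original answer: a sudoers drop-in for the second approach that limits the web server account to the specific commands and nothing else. The account name `www-data`, the file name and the two script paths are assumptions chosen for illustration.

```sudoers
# /etc/sudoers.d/webtasks  (file name is an assumption)
# Install with mode 0440, owner root, and check it before use:
#   visudo -cf /etc/sudoers.d/webtasks
#
# Assumed names: the web server runs as "www-data"; the privileged steps
# live in two root-owned scripts under /usr/local/sbin that www-data
# cannot write to (otherwise this rule amounts to full root).

# Start from a clean environment and a fixed PATH for this user.
Defaults:www-data env_reset
Defaults:www-data secure_path="/usr/sbin:/usr/bin:/sbin:/bin"

# Exact paths only. The trailing "" means "no arguments allowed";
# the second entry allows exactly one fixed argument list.
Cmnd_Alias WEBTASKS = /usr/local/sbin/site-backup "", \
                      /usr/local/sbin/site-reload --graceful

# No password, root only, and nothing outside WEBTASKS.
www-data ALL = (root) NOPASSWD: WEBTASKS

# In the script, call the commands by full path with -n so sudo fails
# instead of prompting if the rule does not match:
#   sudo -n /usr/local/sbin/site-backup
```

Keep anything derived from the web form out of the command line; with fixed argument lists in the rule, a request that tries to pass extra arguments is refused by sudo rather than run as root.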