I am looking forward to developing a remote system management web application (like Webmin, for example). Obviously I am going to need to call shell commands that are executed as root or as another specific non-nobody user.

What are general guidelines for this task?

The only solution coming to my mind now is running the web server on a special port, which would be made accessible (by means of a firewall) only to local and VPN-connected users. But maybe there are special tricks that can secure such an application even if it is exposed to the public web?

+4  A: 

Since we are talking about web applications that control native tasks, you need to take into consideration several aspects (at least for Java, but usually for every well-designed solution):

  • Use an asynchronous model for executing the native tasks, since some of them may take quite long, and in the browser the user has no idea whether something is wrong with the machine, the internet, or whatever.
  • Don't use Java's Runtime#exec() directly, because it's quite easy to have things not work, to make mistakes, or to end up with code that behaves differently on various machines; or at least use it with care: see this JavaWorld article about possible traps.
  • If possible, separate the application into two parts: the web application and the "headless agent" that executes the tasks (and communicates securely with the web application). This way, with one web application you can control several machines (having only the "agent" installed), and when something goes wrong with a machine, the web application is still responsive and might initiate the required recovery steps.
  • When running on the same machine (web application and the agent with its executable commands), you need a "backup plan" in case the application "shoots itself in the foot", thus affecting your access to the machine.
A. Ionescu
What about using screen for this? Resume the session if it already exists or create a new one. Screen will run in the background even if the web application isn't "running". Reserve one or two windows for recovery measures; don't run regular tasks on them.
phant0m
Useful but pretty obvious things. What about security issues? Is there something like sudo for non-interactive usage?
Ivan
For the "agent" that runs on each machine, you can create a user with the appropriate privileges, just like Nagios or other tools with similar architecture do. If the webapp is on a different machine, you can make it the "only one" that is allowed to connect, and the communication between the webapp and the "agents" can also be encrypted or VPN-ed.
A. Ionescu
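The asynchronous, allow-listed task execution the answer recommends (and the "no raw command from the web layer" point behind phant0m's security question), as an added example that is not code from the thread; the task names, `SAFE_ARG` pattern and `TaskResult` shape are constructed assumptions, and the example uses Python's subprocess module rather than Java's Runtime#exec():

```python
import concurrent.futures
import re
import subprocess
import uuid
from typing import Dict, List, NamedTuple, Optional

# Constructed allow-list: the web layer names a task, it never supplies a command
# line. Entries are argv lists, so no shell ever parses anything user-supplied.
ALLOWED_TASKS: Dict[str, List[str]] = {
    "uptime": ["uptime"],
    "disk": ["df", "-h"],
    "echo": ["echo"],    # takes one user argument; used below to show validation
    "sleep": ["sleep"],  # takes one user argument; used below to show the timeout
}
SAFE_ARG = re.compile(r"[A-Za-z0-9_./-]+")  # constructed: no shell metacharacters
class TaskResult(NamedTuple):
    returncode: Optional[int]  # None when the child was killed on timeout
    stdout: str
    stderr: str
    timed_out: bool

def build_argv(task: str, arg: Optional[str] = None) -> List[str]:
    # Map a task name plus optional argument to argv; reject everything else.
    if task not in ALLOWED_TASKS:
        raise ValueError(f"task not allowed: {task}")
    argv = list(ALLOWED_TASKS[task])
    if arg is not None:
        if not SAFE_ARG.fullmatch(arg) or ".." in arg:
            raise ValueError(f"unsafe argument: {arg!r}")
        argv.append(arg)
    return argv

def run_task(task: str, arg: Optional[str] = None, timeout: float = 10.0) -> TaskResult:
    # No shell; capture_output drains both pipes (avoids the pipe deadlock trap);
    # subprocess.run kills the child once the hard timeout expires.
    argv = build_argv(task, arg)
    try:
        proc = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return TaskResult(None, "", "", True)
    return TaskResult(proc.returncode, proc.stdout, proc.stderr, False)

# Asynchronous front: the HTTP handler submits, gets a job id back at once and polls
# later, so a slow task never leaves the browser hanging on a single request.
_pool = concurrent.futures.ThreadPoolExecutor(max_workers=4)
_jobs: Dict[str, concurrent.futures.Future] = {}
def submit_task(task: str, arg: Optional[str] = None, timeout: float = 10.0) -> str:
    build_argv(task, arg)  # validate up front so the caller sees the error at once
    job_id = uuid.uuid4().hex
    _jobs[job_id] = _pool.submit(run_task, task, arg, timeout)
    return job_id
def wait_task(job_id: str, timeout: float = 30.0) -> TaskResult:
    return _jobs.pop(job_id).result(timeout=timeout)
```

The process still runs as whichever user owns the web server; giving that user only the privileges the allow-listed tasks need (a dedicated account, as the last comment suggests) is what bounds the damage if the validation is ever bypassed.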