Issue 170 in shellinabox: How to use '-s' option ?


shell...@googlecode.com

Mar 28, 2012, 2:51:20 AM
to shell...@googlegroups.com
Status: New
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 170 by iyar...@gmail.com: How to use '-s' option ?
http://code.google.com/p/shellinabox/issues/detail?id=170

The manual is too simple. I can't understand how to use the '-s' option
correctly.
For example, I can't understand what ' -s :/AUTH:HOME:SHELL' means.
Is there someone who can explain it?
Thanks very much.

shell...@googlecode.com

Apr 30, 2015, 10:35:31 AM
to shell...@googlegroups.com

Comment #1 on issue 170 by joshu...@gmail.com: How to use '-s' option ?
https://code.google.com/p/shellinabox/issues/detail?id=170

I agree it's a bit confusing; it took me a while to figure it out. It all
depends on what you want to do. If you just want to serve a terminal shell,
then you don't need all those options, but my guess is you want to serve a
particular binary like htop. I'm serving a Perl script, but it makes no
difference. My -s option looks like this...

-s '/myapp:nobody:nogroup:/dev/null:perl /path/to/script.pl -flags'

Let's work backwards... clearly, the section after the last ':' is the
command you want to run.

The previous section is the path you want to run it from. Ultimately, if you
are locking shellinabox down to a single app, then it doesn't really
matter. I like to go the extra paranoid mile and specify my path as
/dev/null, though most people just put a '/' in this section.

The section prior to that is the user and group who is running the command.
For security reasons, it's best to set this as nobody and nogroup
particularly if this is going to be internet facing.

The very first section before the first ':' is the path of the web
server... so to view my shellinabox service, I go to mydomain.com/myapp.

One more quick example for illustration... John is part of group 'admin'.
He wants to see what files are in his home folder when he goes to
johndomain.com/files. He will do this by running 'watch' over the 'ls'
command from his folder, running as his user.

-s '/files/:john:admin:/home/john/:watch ls -l'

If he tried to run this as nobody:nogroup instead of john:admin, he'd get
an error when he tried to view the page saying 'access denied' because the
nobody user does not have read access to John's folder.

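The five-field `-s` layout described in the comment above, as an added example (not part of the original thread and not shellinabox's own code): a small Python checker that splits a service string into URL path, user, group, working directory and command, then flags entries that run as root or start in a home directory. The function names and lint rules are assumptions for illustration; keyword forms such as `/:AUTH:HOME:SHELL` are not explained in the thread and are rejected here.

```python
from typing import NamedTuple


class Service(NamedTuple):
    url_path: str   # where the service is published, e.g. /myapp
    user: str       # account the command runs as
    group: str      # group the command runs as
    cwd: str        # directory the command is started from
    command: str    # command line to execute


def parse_service(spec: str) -> Service:
    """Split 'path:user:group:cwd:command' as laid out in the thread."""
    # Assumption: only the first four ':' are separators, so a ':' inside
    # the command itself stays part of the command.
    parts = spec.split(":", 4)
    if len(parts) != 5:
        raise ValueError(f"expected 5 ':'-separated fields, got {len(parts)}")
    svc = Service(*parts)
    if not svc.url_path.startswith("/"):
        raise ValueError("URL path must start with '/'")
    if not svc.cwd.startswith("/"):
        raise ValueError("working directory must be an absolute path")
    if not svc.user or not svc.group or not svc.command.strip():
        raise ValueError("user, group and command must not be empty")
    return svc


def lint_service(svc: Service) -> list[str]:
    """Return hardening findings (hypothetical rules based on the advice above)."""
    findings = []
    if svc.user == "root" or svc.group == "root":
        findings.append("runs as root: use an unprivileged user and group")
    if svc.cwd.rstrip("/") == "/root" or svc.cwd.startswith("/home/"):
        findings.append("starts in a home directory: confirm it needs that access")
    return findings


if __name__ == "__main__":
    # The two specs from the thread plus one constructed root example.
    for spec in ("/myapp:nobody:nogroup:/dev/null:perl /path/to/script.pl -flags",
                 "/files/:john:admin:/home/john/:watch ls -l",
                 "/top:root:root:/:htop"):
        svc = parse_service(spec)
        print(svc.url_path, "->", svc.command, lint_service(svc) or "ok")
```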