Article <100ra17$bv9e$1@dont-email.me>

Deutsch English Français Italiano
<100ra17$bv9e$1@dont-email.me>

View for Bookmarking (what is this?)
Look up another Usenet article
Path: news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail
From: Rich <rich@example.invalid>
Newsgroups: comp.os.linux.misc,comp.sys.raspberry-pi
Subject: Re: Simple way for web to execute root shell script.
Date: Sat, 24 May 2025 02:13:59 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 45
Message-ID: <100ra17$bv9e$1@dont-email.me>
References: <100pphq$2taj$2@dont-email.me> <100qfmc$78ks$3@dont-email.me> <100qmo3$8ldq$1@dont-email.me>
Injection-Date: Sat, 24 May 2025 04:14:11 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="1373b4ca21246985a01f943942dbcd6d";
	logging-data="392494"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX18slF5yqW1qGV9meXLIqUuL"
User-Agent: tin/2.6.1-20211226 ("Convalmore") (Linux/5.15.139 (x86_64))
Cancel-Lock: sha1:knNJbiJvCMBCNC/tegGWcmFmM4Q=

In comp.os.linux.misc The Natural Philosopher <tnp@invalid.invalid> wrote:
> On 23/05/2025 19:44, Rich wrote:
>> In comp.os.linux.misc The Natural Philosopher <tnp@invalid.invalid> wrote:
>>> I have a shell script that monitors hardware stuff - it needs to run
>>> as root and be called by Apache as user www.
>>>
>>>   Bookworm linux on a Pi4.
>>>
>>> Its all inside a domestic firewall so security is not a huge issue.
>>> What is the quickest and simplest solution to this?
>> 
>> You've been given lots of options already.  But not this one.
>> 
>> What "hardware stuff" is it monitoring?  If it is reading files in
>> /proc and/or /sys to obtain its "data" then another alternative would
>> be to setup /proc and /sys to be mounted group or world readable (or to
>> reset permissions on the necessary files via a rc.local boot script to
>> group or world readable).  That would let the script "monitor" without
>> being root.  Then you could even convert the script into a CGI script
>> (which Apache is more than able to execute, and doing so for minimal
>> text output involves the script outputting a handful of HTTP headers
>> before the monitor data) and get your "monitoring data" back via
>> Apache.
>> 
> Sadly the data is not available in /sys or /proc AFAIK.

Yeah, at least the smart data is not (as far as I am aware) available 
via /proc or /sys.

Another option.  You could setup a cronjob, as root, to run your script 
on some periodic basis (once per minute, every 10 minutes, etc.) and 
save the results into a file that is readable via the 'www' user (or to 
save the info directly into a file in the Apache htdocs hierarchy from 
where you want to retreive it).

Then you can 'pull' the data via Apache from that file.

You'd have data that is up to date as of the last run of the script, 
but you would not have the "exactly now it is Y" aspect (unless your 
AJAX pulled just after a cronjob run *and* you were watching the 
'meters' at that very moment).

You could even include a "date" as the first line, so you could see if 
something got hung by the time value being too far in the past.