<100se1l$mtrh$1@dont-email.me>


Path: ...!weretis.net!feeder9.news.weretis.net!news.quux.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail
From: Chris Elvidge <chris@internal.net>
Newsgroups: comp.os.linux.misc,comp.sys.raspberry-pi
Subject: Re: Simple way for web to execute root shell script.
Date: Sat, 24 May 2025 13:28:35 +0100
Organization: A noiseless patient Spider
Lines: 94
Message-ID: <100se1l$mtrh$1@dont-email.me>
References: <100pphq$2taj$2@dont-email.me> <100qfmc$78ks$3@dont-email.me>
 <100qmo3$8ldq$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sat, 24 May 2025 14:28:37 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="3db182270d334adc86de71009664dd07";
	logging-data="751473"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX18HTLQMB/TE7Utnw6c/s0/adZgSNWn7RFY="
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.2.1 Lightning/5.4
Cancel-Lock: sha1:9Fiqxi23ybjy5BOo6GMH35aetSQ=
Content-Language: en-GB
In-Reply-To: <100qmo3$8ldq$1@dont-email.me>
Bytes: 4797

On 23/05/2025 at 21:44, The Natural Philosopher wrote:
> On 23/05/2025 19:44, Rich wrote:
>> In comp.os.linux.misc The Natural Philosopher <tnp@invalid.invalid> 
>> wrote:
>>> I have a shell script that monitors hardware stuff - it needs to run
>>> as root and be called by Apache as user www.
>>>
>>>   Bookworm linux on a Pi4.
>>>
>>> It's all inside a domestic firewall so security is not a huge issue.
>>> What is the quickest and simplest solution to this?
>>
>> You've been given lots of options already.  But not this one.
>>
>> What "hardware stuff" is it monitoring?  If it is reading files in
>> /proc and/or /sys to obtain its "data" then another alternative would
>> be to set up /proc and /sys to be mounted group or world readable (or to
>> reset permissions on the necessary files via a rc.local boot script to
>> group or world readable).  That would let the script "monitor" without
>> being root.  Then you could even convert the script into a CGI script
>> (which Apache is more than able to execute, and doing so for minimal
>> text output involves the script outputting a handful of HTTP headers
>> before the monitor data) and get your "monitoring data" back via
>> Apache.
>>
> Sadly the data is not available in /sys or /proc AFAIK.
> I wanted information on the temperature and data volumes on the SSDs and 
> the temperature of the ARM core. Plus data on the amount of data being 
> transported over the ethernet interface.
> The tools that came to hand were vcgencmd, smartctl, df and ip. Plus 
> some sedery grepery and awkery
> 
>   The script is (if you are interested)
> 
> #!/bin/bash
> smartctl -a /dev/sda | grep Celsius | awk '{print $10}'
> smartctl -a /dev/sdb | grep Celsius | awk '{print $10}'
> vcgencmd measure_temp | sed -e 's/temp=//' | sed -e "s/'C//"
> ip -s link show dev eth0 | awk 'FNR == 4 {print $1}'
> ip -s link show dev eth0 | awk 'FNR == 6 {print $1}'
> df -h | grep /dev/sd
> 
> A typical output is
> 
> 40
> 44
> 57.4
> 220513467
> 17430583
> /dev/sda2       110G  6.1G   98G   6% /
> /dev/sda1       510M   66M  445M  13% /boot/firmware
> /dev/sda3       366G  126G  222G  37% /home
> /dev/sdb1       219G  130G   78G  63% /backup
> /dev/sdb2       1.6T  1.3T  297G  81% /home/Media
> /dev/sda5       990G  559G  381G  60% /home/Media/Unedited
> /dev/sda6       366G   26G  322G   8% /backup2
> 
> 
> The intention is to poll that using AJAX and parse it into the position 
> of needles on dials in a web page.
> 
> I used to do this via SNMP, but less and less is available with SNMP and 
> it's clunky as shit.
> 
> If any of that is in /proc or /sys, I would like to hear about it.
> 
> None of this is precision stuff: I am building an ARM based NAS and I 
> just need a quick and easy way to keep an eye on it to see if it gets too 
> hot or too full as I develop stuff.
> 
> 
> 
> 

It seems to me that the only thing that needs root is smartctl, so

1) add www (www-data?) to disk group - sudo usermod -a -G disk www(-data)
2) add CAP_SYS_RAWIO to smartctl - sudo setcap 'cap_sys_rawio=ep' /usr/sbin/smartctl

Suggestion: assuming /usr/bin is in path but /usr/sbin isn't
#!/bin/bash
for i in /dev/sd?; do /usr/sbin/smartctl -a "$i" | awk '/Celsius/{print $10}'; done
vcgencmd measure_temp | sed -e "s/temp=//;s/'C//"
/usr/sbin/ip -s link show dev eth0 | awk 'FNR == 4 || FNR == 6 {print $1}'
df -h | awk '/^\/dev\// && gsub("  *"," ")'



-- 
Chris Elvidge, England
BEWITCHED, DOES NOT PROMOTE SATANISM
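
Added example, not part of the original post: the monitoring script from this thread wrapped as a CGI that returns JSON for the AJAX poll, taking no input from the HTTP request and validating every value before it is emitted. It assumes the web server user can already run smartctl as set up above; the function names and JSON field names are hypothetical.

```sh
#!/bin/sh
# Added example, not code from the thread. Assumes the web user can already run
# smartctl (the setup in the post) and the eth0 and /dev/sd? names used there.
PATH=/usr/sbin:/usr/bin:/sbin:/bin; export PATH   # fixed; nothing comes from the request
LC_ALL=C; export LC_ALL

# Parsers read tool output on stdin, so they can be checked against captured text.
disk_temp()  { awk '/Celsius/ {print $10; exit}'; }
cpu_temp()   { sed -e "s/temp=//;s/'C//"; }
link_bytes() { awk 'FNR == 4 || FNR == 6 {print $1}'; }

# Pass through only a plain decimal number; anything else becomes JSON null,
# so unexpected tool output cannot break the JSON the web page parses.
num() {
    case "$1" in
        ''|*[!0-9.]*|*.*.*|.*|*.|0[0-9]*) printf 'null' ;;
        *) printf '%s' "$1" ;;
    esac
}

# emit_json CPU_TEMP RX_BYTES TX_BYTES [DISK_TEMP...]
emit_json() {
    cpu=$1; rx=$2; tx=$3; shift 3; sep=''
    printf '{"cpu_c":%s,"rx_bytes":%s,"tx_bytes":%s,"disk_c":[' \
        "$(num "$cpu")" "$(num "$rx")" "$(num "$tx")"
    for t in "$@"; do printf '%s%s' "$sep" "$(num "$t")"; sep=','; done
    printf ']}\n'
}

main() {
    set -- $(ip -s link show dev eth0 | link_bytes)   # $1 = RX bytes, $2 = TX bytes
    rx=${1:-}; tx=${2:-}
    set --
    for d in /dev/sd?; do
        [ -b "$d" ] || continue
        set -- "$@" "$(smartctl -a "$d" | disk_temp)"
    done
    # CGI response: headers, a blank line, then the body.
    printf 'Content-Type: application/json\r\nCache-Control: no-store\r\n\r\n'
    emit_json "$(vcgencmd measure_temp | cpu_temp)" "$rx" "$tx" "$@"
}

# Apache sets GATEWAY_INTERFACE for CGI scripts; only then produce a response.
if [ -n "${GATEWAY_INTERFACE:-}" ]; then main; fi
```

Membership of the disk group gives the web server user raw access to every block device, which is why the wrapper reads nothing from the request and reduces all tool output to numbers or null.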