From: Chris Elvidge
Newsgroups: comp.os.linux.misc,comp.sys.raspberry-pi
Subject: Re: Simple way for web to execute root shell script.
Date: Sat, 24 May 2025 13:28:35 +0100
Organization: A noiseless patient Spider
Message-ID: <100se1l$mtrh$1@dont-email.me>

On 23/05/2025 at 21:44, The Natural Philosopher wrote:
> On 23/05/2025 19:44, Rich wrote:
>> In comp.os.linux.misc The Natural Philosopher wrote:
>>> I have a shell script that monitors hardware stuff - it needs to run
>>> as root and be called by Apache as user www.
>>>
>>> Bookworm linux on a Pi4.
>>>
>>> It's all inside a domestic firewall so security is not a huge issue.
>>> What is the quickest and simplest solution to this?
>>
>> You've been given lots of options already. But not this one.
>>
>> What "hardware stuff" is it monitoring? If it is reading files in
>> /proc and/or /sys to obtain its "data" then another alternative would
>> be to set up /proc and /sys to be mounted group or world readable (or to
>> reset permissions on the necessary files via a rc.local boot script to
>> group or world readable).
>> That would let the script "monitor" without
>> being root. Then you could even convert the script into a CGI script
>> (which Apache is more than able to execute, and doing so for minimal
>> text output involves the script outputting a handful of HTTP headers
>> before the monitor data) and get your "monitoring data" back via
>> Apache.
>>
> Sadly the data is not available in /sys or /proc AFAIK.
> I wanted information on the temperature and data volumes on the SSDs and
> the temperature of the ARM core. Plus data on the amount of data being
> transported over the ethernet interface.
> The tools that came to hand were vcgencmd, smartctl, df and ip. Plus
> some sedery grepery and awkery
>
> The script is (if you are interested)
>
> #!/bin/bash
> smartctl -a /dev/sda | grep Celsius | awk '{print $10}'
> smartctl -a /dev/sdb | grep Celsius | awk '{print $10}'
> vcgencmd measure_temp | sed -e 's/temp=//' | sed -e "s/'C//"
> ip -s link show dev eth0 | awk 'FNR == 4 {print $1}'
> ip -s link show dev eth0 | awk 'FNR == 6 {print $1}'
> df -h | grep /dev/sd
>
> A typical output is
>
> 40
> 44
> 57.4
> 220513467
> 17430583
> /dev/sda2 110G 6.1G 98G 6% /
> /dev/sda1 510M 66M 445M 13% /boot/firmware
> /dev/sda3 366G 126G 222G 37% /home
> /dev/sdb1 219G 130G 78G 63% /backup
> /dev/sdb2 1.6T 1.3T 297G 81% /home/Media
> /dev/sda5 990G 559G 381G 60% /home/Media/Unedited
> /dev/sda6 366G 26G 322G 8% /backup2
>
> The intention is to poll that using AJAX and parse it into the position
> of needles on dials in a web page.
>
> I used to do this via SNMP, but less and less is available with SNMP and
> it's clunky as shit.
>
> If any of that is in /proc or /sys, I would like to hear about it.
>
> None of this is precision stuff: I am building an ARM based NAS and I
> just need a quick and easy way to keep an eye on it to see if it gets too
> hot or too full as I develop stuff
>

It seems to me that the only thing that needs root is smartctl, so
1) add www (www-data?) to disk group - sudo usermod -a -G disk www(-data)
2) add CAP_SYS_RAWIO to smartctl - sudo setcap 'cap_sys_rawio=ep' /usr/sbin/smartctl

Suggestion: assuming /usr/bin is in path but /usr/sbin isn't

#!/bin/bash
# SSD temperatures, one line per /dev/sd? device
for i in /dev/sd?; do /usr/sbin/smartctl -a "$i" | awk '/Celsius/{print $10}'; done
# ARM core temperature
vcgencmd measure_temp | sed -e "s/temp=//;s/'C//"
# RX bytes (line 4) and TX bytes (line 6) on eth0
/usr/sbin/ip -s link show dev eth0 | awk 'FNR == 4 || FNR == 6 {print $1}'
# filesystems on /dev/*, runs of spaces squeezed to one
df -h | awk '/^\/dev\// && gsub(/ +/," ")'

-- 
Chris Elvidge, England
BEWITCHED, DOES NOT PROMOTE SATANISM
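
Added example, not part of the original post: the CGI route Rich describes combined with the AJAX polling mentioned in the quoted text, as a wrapper that turns the script's output into JSON and rejects any line that is not a plain number or a well-formed df row, so tool output never reaches the page unchecked. The function names are hypothetical, and the field order is assumed to be the one the scripts in this thread produce; it counts back from the df lines, so it also handles the loop over /dev/sd? with any number of disks.

```bash
#!/bin/bash
# Added example: CGI wrapper around the monitor script's text output.
# Assumed field order (from the scripts in this thread): N disk temperatures,
# core temperature, RX bytes, TX bytes, then the df lines.

# Constructed sample: shortened from the "typical output" quoted in the post.
SAMPLE='40
44
57.4
220513467
17430583
/dev/sda2 110G 6.1G 98G 6% /
/dev/sda1 510M 66M 445M 13% /boot/firmware
/dev/sdb1 219G 130G 78G 63% /backup'

monitor_to_json() {   # hypothetical name; script output on stdin, JSON on stdout
  awk '
    index($0, "/dev/") == 1 {            # df line: dev size used avail use% mount
      if (NF != 6 || $1 !~ "^/dev/[A-Za-z0-9]+$" || $5 !~ /^[0-9]+%$/ ||
          $6 !~ "^/[A-Za-z0-9_./-]*$") bad = 1
      fs[++nfs] = sprintf("{\"dev\":\"%s\",\"use_pct\":%d,\"mount\":\"%s\"}", $1, $5 + 0, $6)
      next
    }
    /^(0|[1-9][0-9]*)(\.[0-9]+)?$/ && !nfs { num[++n] = $0; next }  # a reading
    NF { bad = 1 }                       # anything else: reject the whole reply
    END {
      # Counting back from the df lines copes with any number of disks.
      if (bad || n < 3 || num[n] ~ /\./ || num[n-1] ~ /\./) exit 1
      printf "{\"disk_temp_c\":["
      for (i = 1; i <= n - 3; i++) printf "%s%s", (i > 1 ? "," : ""), num[i]
      printf "],\"core_temp_c\":%s,\"rx_bytes\":%s,\"tx_bytes\":%s,\"filesystems\":[", num[n-2], num[n-1], num[n]
      for (i = 1; i <= nfs; i++) printf "%s%s", (i > 1 ? "," : ""), fs[i]
      print "]}"
    }'
}

cgi_reply() {   # hypothetical name; prints CGI headers, a blank line, then the body
  local body
  if body=$(monitor_to_json); then
    printf 'Content-Type: application/json\r\nCache-Control: no-store\r\n'
    printf 'X-Content-Type-Options: nosniff\r\n\r\n%s\n' "$body"
  else
    printf 'Status: 502 Bad Gateway\r\nContent-Type: text/plain\r\n\r\n'
    printf 'monitor output rejected\n'
  fi
}

# Stand-alone demo on the sample; in a CGI the monitor script is piped in instead.
if [ "${1:-}" = "--demo" ]; then printf '%s\n' "$SAMPLE" | cgi_reply; fi
```

The wrapper only reads text, so it runs as the web server user whichever way the monitor script itself obtains its privileges.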