Hey Guys,
I want to add an own .cgi under /srv/web/ipfire/cgi-bin which gives me the ability to start a cron under fcron.daily manually.
I tried some ways but without any success.
For example:
system ‘sudo sh /etc/fcron.daily/update-00test.sh’;
And for testing added the following to /etc/sudoers.d/setup:
system ‘sudo sh /etc/fcron.daily/update-00test.sh’;
Are you able to help?
The only goal I want to reach:
Start the .sh under /etc/fcron.daily/ via WebGUI.
Thanks and regards,
Jan
Hi,
please don’t do this.
Instead, please log onto your IPFire machine via SSH, and execute the desired script this way.
Thanks, and best regards,
Peter Müller
Hi Peter,
thanks for the feedback.
I know how to LogIn via SSH.
But the question was, how to be able to start a .sh-script via a button on an .CGI-Page.
I think, it’s possible, but as often, “I’m standig in the wood.”: 
Thanks and regards,
Jan
Hi Jan,
well, technically, it certinaly is possible to run a custom Shell script out of a CGI.
For security reasons, however, we strongly recommend against this: IPFires’ security relies on a safety net (called “misc-progs”, technically a bunch of C programs) to isolate dangerous system calls from the web interface to the rest of an IPFire machine, permitting only defined, necessary commands.
Poking holes into that layer is counterproductive to the security of an IPFire system. Therefore, we neither want to encourage our users towards nor support such modifications. Thank you for your understanding.
Thanks, and best regards,
Peter Müller
Hello Jan,
this is indeed a very very bad idea. The web user interface is protected and runs with less privileges so that if it would be exploited in any way, the attacker does not have root permissions on the firewall.
Any actions that need more privileges have a small program that only performs a simple action.
You don’t want to break this.