I want to add an own .cgi under /srv/web/ipfire/cgi-bin which gives me the ability to start a cron under fcron.daily manually.
I tried some ways but without any success.
For example:
system ‘sudo sh /etc/fcron.daily/update-00test.sh’;
And for testing added the following to /etc/sudoers.d/setup:
system ‘sudo sh /etc/fcron.daily/update-00test.sh’;
Are you able to help?
The only goal I want to reach:
Start the .sh under /etc/fcron.daily/ via WebGUI.
well, technically, it certinaly is possible to run a custom Shell script out of a CGI.
For security reasons, however, we strongly recommend against this: IPFires’ security relies on a safety net (called “misc-progs”, technically a bunch of C programs) to isolate dangerous system calls from the web interface to the rest of an IPFire machine, permitting only defined, necessary commands.
Poking holes into that layer is counterproductive to the security of an IPFire system. Therefore, we neither want to encourage our users towards nor support such modifications. Thank you for your understanding.
this is indeed a very very bad idea. The web user interface is protected and runs with less privileges so that if it would be exploited in any way, the attacker does not have root permissions on the firewall.
Any actions that need more privileges have a small program that only performs a simple action.