Option to Shutdown the server machine from the ShowCenter
Some users have requested the ability to shutdown their PC from the ShowCenter UI. On Windows 2000 and XP, there is a 'shutdown' command available on the command line. It would probably be a good idea to impose a wait of say 60 seconds before the shutdown operation so that the user has the chance to cancel it (in case they selected the option by accident).
shutdown -s -t 60 would cause the computer to shutdown in 60 seconds.
shutdown -a would abort a shutdown For Linux, we need to get the user to do one of two things:
chown a shutdown script within the SwissCenter installation to be owned as root, and chmod +S the file so that it will execute as root (the file will call the shutdown command).
or
Setup sudo by editing the /etc/sudoers file (using VISUDO) and add a line that allows the webserver user to execute the shutdown command:
wwwrun ALL = NOPASSWD: /bin/shutdown
The only difference between the methods is that the first one would create a file which any user on the system could run to shutdown the machine, while the second approach would allow only the webserver user to perform the shutdown (but might require the user to install sudo).
shutdown -s -t 60 would cause the computer to shutdown in 60 seconds.
shutdown -a would abort a shutdown For Linux, we need to get the user to do one of two things:
chown a shutdown script within the SwissCenter installation to be owned as root, and chmod +S the file so that it will execute as root (the file will call the shutdown command).
or
Setup sudo by editing the /etc/sudoers file (using VISUDO) and add a line that allows the webserver user to execute the shutdown command:
wwwrun ALL = NOPASSWD: /bin/shutdown
The only difference between the methods is that the first one would create a file which any user on the system could run to shutdown the machine, while the second approach would allow only the webserver user to perform the shutdown (but might require the user to install sudo).
Leave a comment
Remark: I would NOT add the webserver to the sudoers list, never ever! This opens the machine completely for hackers. If you once found some eggdrop on your webserver machine which even restarted itself via the users crontab, you know what I'm talking about (this is why I even forbid the webserver to edit its crontab).
As for the S bit, this may be an option. But be aware of one thing: Since this is open source, hackers find that earlier or later and will for sure try to abuse it. So I would add another security level:
The script needs to contain a password hash. A password needs to be passed to the script, which is (after encoding it with md5) checked against the stored hash. Moreover, execution should be restricted to a list of IPs allowed to shut down the server - in most cases this will simply be one IP, the one of the client player.
This makes it much harder (even if not impossible) to abuse the functionality.
As for the S bit, this may be an option. But be aware of one thing: Since this is open source, hackers find that earlier or later and will for sure try to abuse it. So I would add another security level:
The script needs to contain a password hash. A password needs to be passed to the script, which is (after encoding it with md5) checked against the stored hash. Moreover, execution should be restricted to a list of IPs allowed to shut down the server - in most cases this will simply be one IP, the one of the client player.
This makes it much harder (even if not impossible) to abuse the functionality.
Remark: I would NOT add the webserver to the sudoers list, never ever! This opens the machine completely for hackers. If you once found some eggdrop on your webserver machine which even restarted itself via the users crontab, you know what I'm talking about (this is why I even forbid the webserver to edit its crontab).
As for the S bit, this may be an option. But be aware of one thing: Since this is open source, hackers find that earlier or later and will for sure try to abuse it. So I would add another security level:
The script needs to contain a password hash. A password needs to be passed to the script, which is (after encoding it with md5) checked against the stored hash. Moreover, execution should be restricted to a list of IPs allowed to shut down the server - in most cases this will simply be one IP, the one of the client player.
This makes it much harder (even if not impossible) to abuse the functionality.
As for the S bit, this may be an option. But be aware of one thing: Since this is open source, hackers find that earlier or later and will for sure try to abuse it. So I would add another security level:
The script needs to contain a password hash. A password needs to be passed to the script, which is (after encoding it with md5) checked against the stored hash. Moreover, execution should be restricted to a list of IPs allowed to shut down the server - in most cases this will simply be one IP, the one of the client player.
This makes it much harder (even if not impossible) to abuse the functionality.