On Wed, May 07, 2008 at 10:23:21AM +0430, Armin ranjbar wrote:
> do you know any console based application which could replace root shell
> to allow some tasks ( configuration of ip addresses , etc ) get done by
> using menus ?
firstly to do the root stuff, you'll need sudo or similar. write wrapper
scripts to do specific tasks, and then configure sudo to let particular
users run them as root. don't trust the user input too much, just the
bare minimum needed to get the job done.
actually, don't trust user input at all - sanity check all input data,
dont use it directly for command-line args, and transform it or quote it
to make it safe. if the scripts are in perl, use taint mode - it will
warn you when your code will use unsafe/tainted data to do something
if they are shell scripts, you'll need to do your own taint checking,
and never use bare variable names as arguments to programs or in
if/while/case etc statements - instead, wrap them in quotes.
e.g. don't do stuff like this:
if [ $USERDATA = "bar" ] ; then
case $MOREUSERDATA in
these break if $USERDATA is null or contains more than one "word". and
anything could happen if /bin/foo is careless about using its args.
do stuff like this, instead:
if [ "$USERDATA" = "bar" ] ; then
case "$MOREUSERDATA" in
oh yeah, use hard-coded paths when running programs. don't trust the
user's PATH or anything else in their environment.
in general, hard-code as much as possible into the scripts, and when
writing them spend a lot of time thinking about possible ways that your
script could be abused/exploited, and then make sure that those exploits
be very wary of running vi (or any program which lets you run other
programs) as root. instead copy the file to a temporary location, using
tempfile(1) to get a safe temp filename, invoke the user's favourite
editor as the logged in user, and then have a sudo script which copies
the edited file into place (check the return code of the editor to find
out if the user saved or quit first). the sudo copying script should
make sure permissions are correct after copying. oh yeah, checking the
file into RCS before and after editing it is a good idea - if they screw
up, you can revert to any prior version.
there's lot of other security issues to think of. these are a reasonable
starting point. there are numerous FAQs and HOWTOs and so on available
on the net which can help get you into a properly paranoid and cautious
frame of mind.
overall: be paranoid.
once you've done that, you'll need a menu-ing program.
there are numerous programs and packages to choose from. here's a
about 15 years ago, i set up a simple text menu system using lynx as
the front end. it can (or could at the time, dunno if it still can) run
in more recent years, i've written stuff using libcurses-ui-perl
(which does a lot more than just menus). i like it. i'll use it again.
if you can program at all, this is very easy to learn and use.
if for some reason i needed to look for something different, or more
focused on menus, i'd probably look at first at pdmenu, or maybe
libperlmenu-perl just because they're packaged already for debian.
never used them, don't know how good they are.
there are many other options.
try googling for 'curses text +console +menu' or similar.
 Package: libcurses-ui-perl
Maintainer: Debian Perl Group <firstname.lastname@example.org>
Depends: libcurses-perl, libterm-readkey-perl, perl (>= 5.6.0-16)
SHA256: 74cea4a8caff49f7c79fb776a20694ff801ad222fa915b0b9c 127e1b0c16873f
Description: curses-based OO user interface framework for Perl
A UI framework for Perl based on the curses library. Curses::UI contains
the standard set of widgets for use in constructing user interfaces, plus
the following more advanced widgets: calendar, progress bar, text editor
(including word wrapping and undo), and text viewer. It supports a
variety of dialog windows, from the standard basic and error dialogs to
file browsers, progress bars, and a calendar. Curses::UI also has
internationalization support and currently has localization information
for several languages.
erl, devel::library, implemented-in:
erl, interface::text-mode, role::devel-lib, role::shared-lib, uitoolkit::ncurses
 Package: pdmenu
Maintainer: Joey Hess <email@example.com>
Depends: libc6 (>= 2.6.1-1), libgpmg1 (>= 1.19.6-1), libslang2 (>= 2.0.7-1)
Suggests: menu (>= 2.1.29)
Conflicts: menu (<< 2.0.0-5)
SHA256: d59046d184baa66281c050fd57e823b155d0f145ebb584944d 02593b42d900ac
Description: simple console menu program
A full screen console menu program, intended to be comfortable login shell
for inexperienced users.
Pdmenu interfaces with Debian's menu system, to provide
automatically-generated lists of installed programs.
Tag: interface::shell, interface::text-mode, role:
rogram, scope::utility, suite::debian, uitoolkit::ncurses, use::browsing
 Package: libperlmenu-perl
Maintainer: Deepak Tripathi <firstname.lastname@example.org>
Depends: perl (>= 5.6.0-16), libcurses-perl
SHA256: a92d54c005ef118bb15ea4dada6e55a03a4fd8c1c329e98fd5 0a82709dda8837
Description: Menu and Template (curses-based) UI for Perl
perlmenu is a Perl module that provides your application
with access to easy-to-use functions for templates,
menus, forms, and the like -- everything needed
to put a slick UI on a program without resorting to
craig sanders <email@example.com>
There are two types of Linux developers - those who can spell, and
those who can't. There is a constant pitched battle between the two.
-- From one of the post-1.1.54 kernel update messages posted to c.o.l.a
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org