×

INDI Library v2.0.6 is Released (02 Feb 2024)

Bi-monthly release with minor bug fixes and improvements

Indi Web Manager Shut down button for Pi

  • Posts: 554
  • Thank you received: 138
It's possible to tie the sudoers down a bit more by specifying just the commands you want to run without a password:
user_name ALL=(ALL) NOPASSWD: /sbin/poweroff, /sbin/reboot, /sbin/shutdown

In Windows a one line batch file will do what's required:
start cmd.exe /C "ssh This email address is being protected from spambots. You need JavaScript enabled to view it. sudo poweroff"

It's necessary to set SSH to run without requesting a password, that's well documented.

I see the security issue a bit like not having a lock on my fridge. If someone's broken into my house they can open my fridge and steal my beer - which reminds me...

Chris
Last edit: 4 years 2 months ago by Chris Rowland. Reason: Typo
4 years 2 months ago #47963

Please Log in or Create an account to join the conversation.

  • Posts: 407
  • Thank you received: 74
Yes I had already done the "user only" sudoers but it didn't work every time for some reason. Plus I wanted to change things to stop having to put in the password on any command - lazy I know.

No good looking in my fridge its empty except Thursday (shopping day)!

I presume you put the extra lines in a user file under sudoers.d so that updates dont clear out your mods ?

I dont use Windows SSH as it doesn't work across all Windows O/S (yes I still have some "older" versions running)
RPI3 Ubuntu 16.04 / AMD desktop Kstars under Ubuntu 16.04 Mounts :azeq6 ,SWAZGoTo

RPI3 Fedora testing out on AMD desktop Fedpra 28 - running kstars 2.9.4 , Indilib 1.7.4 ?????
4 years 2 months ago #47986

Please Log in or Create an account to join the conversation.

  • Posts: 269
  • Thank you received: 53
Chris
After a bit of experimenting you could try the following:
Add a text control to the web page to capture the password to send to sudo using the -S option which accepts a password through stdin. The only downside is that the password is sent as plain text.
If there is no password assume sudo is not needed and simply execute "poweroff"
Otherwise execute: echo <password> | sudo -S poweroff
e.g. I have tried the following with success on the command line in Ubuntu 20.04:
echo "mypassword" | sudo -nS reboot
echo "mypassword" | sudo -nS poweroff

Or I could have a crack it myself

Edit: added the -n option to suppress the password prompt
Last edit: 3 years 3 months ago by Ken Self. Reason: add -n option
3 years 3 months ago #65075

Please Log in or Create an account to join the conversation.

  • Posts: 269
  • Thank you received: 53
Correction. Its just:
echo "mypassword" | sudo -S reboot
echo "mypassword" | sudo -S poweroff

Doesn't work with -n
3 years 3 months ago #65080

Please Log in or Create an account to join the conversation.

  • Posts: 269
  • Thank you received: 53
I have now got it working on my machine.
If anyone wants to try the revised code it's at: github.com/ken-self/indiwebmanager
If it works OK for everyone then I can raise a PR

To get it to work I did the following:
Added a control to the web page to capture a sudo password (see form.tpl)
Send the password in JSON with the POSTed reboot and poweroff commands (see indi.js)
If password is not specified perform the reboot/poweroff without sudo (see main.py)
Otherwise perform the reboot/poweroff with sudo using option -k to force prompt for password and -S to take password input from STDIN
Replaced the reboot and poweroff cammands with shutdown -r/-P so I could then add a delay of 1 minute. That way, if it works a success response is received by the web client. Otherwise it would error as the server would shut down right away before posting success.
Any error in the sudo or shutdown commands result in an error response to the web client

Possible improvements:
Work out how to get rid of the "Sorry, try again" message from sudo which gets logged when the password is incorrect
Clear out the password control after executing the reboot/shutdown
Change message seen by user to "Reboot in in one minute" rather than "Reboot succeeded"
Add a button to cancel reboot/poweroff
ETA: Only stop the server if shutdown is successfully scheduled. Or don't even bother as it wil stop when the system shuts down anyway
Last edit: 3 years 2 months ago by Ken Self.
3 years 2 months ago #65120

Please Log in or Create an account to join the conversation.

  • Posts: 269
  • Thank you received: 53
Cancel button has now been added. So you have one minute from getting a reboot/poweroff success to cancel it. Because of that I also removed the server stop when reboot or poweroff is requested so it is still running if you cancel the shutdown.
Oddly, the cancel works without sudo or password even though on the command line sudo is needed. I guess that is a feature rather than a bug :)
Cosmetically, success messages are now cleared when a new reboot/poweroff is requested and the password is cleared on return from the server.
3 years 2 months ago #65199

Please Log in or Create an account to join the conversation.

Time to create page: 0.508 seconds