Giving people limited shell access to your server

At work, I develop all kinds of backend software. We have a team of testers for high-level testing (in addition to the many unit tests we have).

At some point, I had written a Perl script that was going to run daily, from cron, processing some input and generating some output. Since our testers currently don’t have shell access to our development servers, the challenge was to find a simple way for them to test this script with different inputs and verify that the output was correct.

I looked around on the internet for a simple solution to this. I couldn’t find any. So I wrote a solution myself: WRATS – Web Restricted Access To Server.

With WRATS, you can allow people to perform the following actions via a browser:

  • Read a file
  • Edit a file
  • Execute a file
  • Browse a directory and read all files in that directory

By default, all access is denied. You have to grant permission to each action on each item individually. For example, you can allow people to read the file /data/input.txt or edit the file /var/www/test/status.

There is no authentication in WRATS. This is by design – adding pluggable authentication would have made it too complex and too much work. If you want to make sure WRATS can only be used by certain users, I suggest you use your web server to do that.

WRATS has been designed with security in mind. For example, it is not possible to specify both edit rights and execute rights on a single file – that would make it possible to execute arbitrary code. Also, filenames passed by the user are strictly checked before any action is performed.
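The three rules described above (default deny, no edit and execute rights on the same file, strict filename checks) can be sketched as follows. This is an added example, not WRATS's own code; the grant-list format and the names `build_policy` and `is_allowed` are assumptions made for illustration.

```python
import os

ACTIONS = {"read", "edit", "execute", "browse"}

class PolicyError(ValueError):
    """Raised when the grant list itself is unsafe or malformed."""

def build_policy(grants):
    """grants: iterable of (action, path) pairs (constructed format, not WRATS's)."""
    policy = {}
    for action, path in grants:
        if action not in ACTIONS:
            raise PolicyError(f"unknown action {action!r}")
        if not os.path.isabs(path) or os.path.realpath(path) != path:
            raise PolicyError(f"grant path is not canonical: {path!r}")
        policy.setdefault(path, set()).add(action)
    for path, actions in policy.items():
        # Editable + executable means whoever can edit can run arbitrary code.
        if {"edit", "execute"} <= actions:
            raise PolicyError(f"edit and execute both granted on {path!r}")
    return policy

def is_allowed(policy, action, requested):
    """Default deny: True only if an explicit grant covers this exact request."""
    if action not in ACTIONS or not isinstance(requested, str):
        return False
    if "\x00" in requested or not os.path.isabs(requested):
        return False
    # Strict name check: "..", "//", a trailing "/" and symlinks all change the
    # canonical form, so any request that is not already canonical is refused.
    if os.path.realpath(requested) != requested:
        return False
    if action in policy.get(requested, ()):
        return True
    # A browse grant on a directory also lets files directly inside it be read.
    if action == "read" and not os.path.isdir(requested):
        return "browse" in policy.get(os.path.dirname(requested), ())
    return False
```

Refusing non-canonical names outright, rather than normalizing them and continuing, keeps the comparison against the grant list an exact string match.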

WRATS allowed our testers to edit the input file, execute the script, and read the output file. They were happy, because they didn’t have to come to me anymore to ask me to run the script for them with the input they had emailed me just before, and I was happy, for the same reason. And the rest of the team was happy, because WRATS can be used for other projects in the future as well.

You can find WRATS on my github page. I hope it’ll be useful to you one day!
