[英]how to execute bash script inside vps remotely
I have a task to give to a second developer the ability to restart gunicorn service, without giving him access to whole virtual machine, he is able to upload his projects files via ftp in his projects directory, but he can't restart gunicorn himself.我的任务是让第二个开发人员能够重新启动 gunicorn 服务,而无需让他访问整个虚拟机,他可以通过 ftp 在他的项目目录中上传他的项目文件,但他不能自己重新启动 gunicorn。
my "script.sh" is:我的“script.sh”是:
sudo service gunicorn restart
i can execute script.sh myself in terminal with this command, it works fine:我可以用这个命令在终端自己执行 script.sh,它工作正常:
./script.sh
How can i execute this script remotely?我怎样才能远程执行这个脚本? Maybe via url?
也许通过 url? Or maybe if there any other better ways to complete this task, please share
或者如果有其他更好的方法来完成这个任务,请分享
Thank you!谢谢!
I like two of your ideas most, one is writing a service that detect uploaded files in specific directory
我最喜欢你的两个想法,一个是编写一个检测特定目录中上传文件的服务
Basically a script:基本上是一个脚本:
inotifywait /the/dir -m -e CREATE,CLOSE | while read -f action file; do
rm "$file"
systemctl restart that_thing
done
with maybe some filtering on specific file names and/or password checking like the content of the filename has to be some password.可能对特定文件名和/或密码检查进行一些过滤,例如文件名的内容必须是一些密码。
If you do not use Linux, instead of inotifywait you could just poll for the file existence, each second or so.如果您不使用 Linux,而不是 inotifywait,您可以每秒左右轮询文件是否存在。
See man inotifywait
, https://mywiki.wooledge.org/BashFAQ/001 + https://mywiki.wooledge.org/BashGuide .见
man inotifywait
, https://mywiki.wooledge.org/BashFAQ/001 + https://mywiki.wooledge.org/BashGuide 。 I doubt your server uses rc-scripts, it's 2021, consider moving to systemd.我怀疑您的服务器使用 rc-scripts,现在是 2021 年,考虑迁移到 systemd。 https://www.linode.com/docs/guides/introduction-to-systemctl/ + https://www.shubhamdipt.com/blog/how-to-create-a-systemd-service-in-linux/ .
https://www.linode.com/docs/guides/introduction-to-systemctl/ + https://www.shubhamdipt.com/blog/how-to-create-a-systemd-service-in-linux/ 。
And second is to give to the developer access with which he could trigger only specific commands
其次是给开发人员访问权限,他只能触发特定的命令
Setup ssh server, give the developer an user account, install sudo
and then create a file in /etc/sudoers.d/other_developer
with the content:设置 ssh 服务器,给开发者一个用户帐户,安装
sudo
然后在/etc/sudoers.d/other_developer
中创建一个文件,内容为:
otherdeveoperuseraccount ALL=(root) NOPASSWD: /usr/bin/systemctl restart that_service
Then the other developer will be able to run that specific command.然后其他开发人员将能够运行该特定命令。
See man sudo
and man sudoers
and https://unix.stackexchange.com/questions/279125/allow-user-to-run-a-command-with-arguments-which-contains-spaces .请参阅
man sudo
和man sudoers
和https://unix.stackexchange.com/questions/279125/allow-user-to-run-a-command-with-arguments-which-contains-spaces 。 Overall, as to how to setup ssh server and add user accounts, interest in some basic introduction to Linux computer administartion - surely there are endless online.总的来说,关于如何设置 ssh 服务器和添加用户帐户,感兴趣的对 Linux 计算机管理的一些基本介绍 - 网上肯定有无穷无尽的。
The ONLY command
which forcibly runs on ssh for this user.The ONLY command
。# 1. Create a user with shell = /bin/sh & no home-dir
sudo adduser limiteduser --shell=/bin/sh --no-create-home
# 2. Restrict further in sshd_config
nano /etc/ssh/sshd_config
## > Add the following at the end
Match user limiteduser
ForceCommand /path/to/restart-script
# ForceCommand ls # Tried this for testing.
PS: Some side effects include limiteduser
having access to tunnel ports. PS:一些副作用包括
limiteduser
用户访问隧道端口。 Since the user already has FTP access;由于用户已经拥有 FTP 访问权限; I am assuming that security requirements aren't super tight.
我假设安全要求不是非常严格。
/path/to/ftp/folder/request-restart.txt
/path/to/ftp/folder/request-restart.txt
[Per-minute]
Write a cron job which checks for this file & runs the restart script & deletes the file. [Per-minute]
编写一个 cron 作业来检查该文件并运行重启脚本并删除该文件。
request-some-other-command
for the user.request-some-other-command
。# cron-watch-n-restart-script.sh
FILE="/path/to/ftp/folder/request-restart.txt"
if [[ -f "$FILE" ]]; then
/path/to/restart-script.sh
rm $FILE
fi
# Cron job entry (crontab -e): every minute
* * * * * /path/to/cron-watch-n-restart-script.sh
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.