Need to allow users to run a script/program on a remote Linux box

[LeonarD26]

I have a development Linux server and I have a script (sh in this case) that restarts certain processes. I log onto this box and run it manually as requested by the developers. I'd like some way where the developers can run a batch file or whatever which will call and run said sh script so I don't have to do it.

The biggest issue is security. I don't want the developers to have root or any other user access to the Linux server. I'd really appreciate any ideas / recommendations.

Thanks!

 

[jamesave]

can't they telnet?

 

[Armitage]

ssh -l username boxname scriptname

 

[LeonarD26]

Users could telnet/ssh into the box, but I don't want to give them access. The only thing I want is for them to be able to restart the appserver... Could I create a user with minimal access that can run a wrapper script which then calls the master restart script??

 

[Celeryman]

Do you have a web server running on it? You could make a cgi that would restart the appserver with a simple .htaccess protected page.

 

[LeonarD26]

That's not a bad idea. I was thinking of writing a cron job that checks every few minutes if new code has been moved and if so, restart....

 

[LeonarD26]

Ok, so I think I know what I want to do. Only question I still have is I want to read values from a file using an sh script..... any ideas how to do that???

 

[wallsfd949]

sudo


[edit]:

I don't want the developers to have root or any other user access to the Linux server.

What would setting up a limited user account with sudo access to execute the 1 restart script harm? If the have a user account, and your box is properly maintained, there shouldn't be any security issues with that.

 

[bersl2]

Make a user account with said script as the shell?

 

[LeonarD26]

I've decided to use the setuid and setgid permissions to allow uses to run the script while logging in with a limited user account. Seems simple enough to set up, but doesn't seem to be working correctly. Do you need to enable setuid permission on the box before this works?