awaisumar
Posts: 13
Joined: Sun Sep 16, 2018 10:32 pm

how to require username and password on remote shutdown of PI?

Sun May 19, 2019 3:57 pm

I am running a web server and have an HTML button which, upon clicking, shuts down the Pi. The web server is implemented using Flask.
Now my question is: how can I add some security and need a username and password once I click on the shutdown button?
I am using sudo, but if I do not use it then I can't shut down the Pi at all.
Here is the code snippet:

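Code:

from subprocess import call
@app.route("/shutdown")
def shutdown():
    # No authentication: any client that can reach this URL halts the Pi
    call("sudo nohup shutdown -h now", shell=True)
    return "Shutting down"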

DougieLawson
Posts: 35353
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK

Re: how to require username and password on remote shutdown of PI?

Sun May 19, 2019 4:04 pm

You can't protect that. You really shouldn't allow www-data to run sudo, it's a massive security exposure. Also you shouldn't ever run a flask web server with a privileged userid (or one in the sudoers file).
Note: Having anything remotely humorous in your signature is completely banned on this forum.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

dl324
Posts: 118
Joined: Mon May 06, 2019 7:33 pm
Location: Pacific Northwest, USA

Re: how to require username and password on remote shutdown of PI?

Sun May 19, 2019 4:18 pm

awaisumar wrote:
Sun May 19, 2019 3:57 pm
how can I add some security and need username and password once i click on shutdown button
Put the shutdown command in a script that prompts for and validates username/password before executing the shutdown command.

As mentioned earlier, it's a bad idea to let users obtain elevated privileges.

tpyo kingg
Posts: 549
Joined: Mon Apr 09, 2018 5:26 pm
Location: N. Finland

Re: how to require username and password on remote shutdown of PI?

Sun May 19, 2019 4:55 pm

DougieLawson wrote:
Sun May 19, 2019 4:04 pm
You really shouldn't allow www-data to run sudo, it's a massive security exposure.
Or at least do not give carte blanche to www-data. sudo is not all-or-nothing, at least if configured correctly. You can lock www-data down so that the one single use is rather safe:

Code:

# sudoers requires the absolute path of the command
www-data ALL=(root:root) NOPASSWD: /sbin/shutdown -h now

DougieLawson
Posts: 35353
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK

Re: how to require username and password on remote shutdown of PI?

Sun May 19, 2019 5:23 pm

That's unacceptable. You shouldn't have ANY lines in /etc/sudoers or /etc/sudoers.d/xxx files with NOPASSWD if you want a secure system.

With Apache2 you'd use suexec to allow CGI programs to run with elevated privileges.

Also HTTP basic-authentication (which can be used with Flask) is unacceptable as it flows the password as a base64 encoded string (not with strong encryption).

The way I'd do it would be to have a server that runs as root listening on a socket. The CGI program running in the webserver connects to that server and sends a "shutdown" request. That could be done with MQTT (publish a "shutdown" message on a command & control topic and a privileged subscriber runs the shutdown command).

Anything left open or protected with weak or non-existent security allows a bad-actor to cause a denial of service on your server.

tpyo kingg
Posts: 549
Joined: Mon Apr 09, 2018 5:26 pm
Location: N. Finland

Re: how to require username and password on remote shutdown of PI?

Sun May 19, 2019 5:42 pm

Please read that configuration example again. The NOPASSWD is pointed at an exact utility with very specific parameters. Any deviation from those specific parameters on that specific utility will result in access denied. Again, sudo is not all or nothing, but instead intended and capable of rather fine-grained access control.
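
Added example (not code from any poster in this thread): one way to do the username/password check suggested earlier and then run only the fixed command that a restricted sudoers entry permits. The function names, the in-memory user table, the lockout values and the /sbin/shutdown path are assumptions; a Flask view would call shutdown_if_authorized with the submitted form values, sent over HTTPS.

```python
import hashlib
import hmac
import os
import subprocess
import time

# Assumed path; it must match the sudoers entry exactly. "sudo nohup shutdown ..."
# would not match such an entry, because sudo would see "nohup" as the command.
SHUTDOWN_ARGV = ["sudo", "-n", "/sbin/shutdown", "-h", "now"]
MAX_FAILURES, LOCKOUT_SECONDS = 5, 300


def hash_password(password: str, salt: bytes) -> bytes:
    # Slow salted hash, so a leaked user table does not expose the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt),
            "failures": 0, "locked_until": 0.0}


def authorize_shutdown(users: dict, username: str, password: str, now=None):
    """Return the fixed shutdown argv for valid credentials, otherwise None."""
    now = time.time() if now is None else now
    user = users.get(username)
    # Hash against a dummy salt for unknown users so timing stays similar.
    salt = user["salt"] if user else b"\x00" * 16
    candidate = hash_password(password, salt)
    if user is None or now < user["locked_until"]:
        return None
    if not hmac.compare_digest(candidate, user["hash"]):
        user["failures"] += 1
        if user["failures"] >= MAX_FAILURES:
            user["locked_until"] = now + LOCKOUT_SECONDS
            user["failures"] = 0
        return None
    user["failures"] = 0
    return list(SHUTDOWN_ARGV)  # nothing from the request reaches the command


def shutdown_if_authorized(users, username, password) -> bool:
    argv = authorize_shutdown(users, username, password)
    if argv is None:
        return False
    # List form with no shell: arguments are passed exactly as written.
    return subprocess.run(argv, check=False).returncode == 0
```

sudo's -n option makes the call fail instead of prompting if the sudoers entry does not match.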
