Makes sense. Was thinking the same... Just doing this for learning actually. I think it makes sense tho to do it in Python, Ruby or something else, if you want to steamline it in some way with structure/architecture. I would like to see the bash version tho :-)
I have created my second Python script, and would appreciate comments, contributions or just someone to discuss it with, as i am sure it can be optimized in many ways, as it is a part of my learning. The script is for configuring UNIX/Linux machines with shell scripts with Python - So pretty much a Python way of Fucking shell scripts.
Along this line, you might find "cogs" (a toolkit for developing command-line utilities in Python) useful to build upon, it's an internal tool we use at Prometheus that's MIT licensed: https://bitbucket.org/prometheus/cogs
Hehe the shell scripts are executed one by one chronologically, but the request to the servers are asynchronously. Does not work so good yet tho... need to fix it :-)
EDIT: With that said... could be awesome we contributions.
I also believe that exec() is not dangerous if you use it right, and if your www-data/apache-user do not got any sudo rights to risk someone to take advantage of your machine. This have been proved from various sources, if i know right. I understand it can be a security hole if you let the user write anything, but this is eg. not the case with Linux-dash.
SELinux if left enabled (as it should be...) will help mitigate the risks. But root access often isn't necessary to totally screw you. For example, adding a machine to a botnet does not require root, nor does accessing the data for your application (such as databases and local files owned/manipulated by your apache user).
> I also believe that exec() is not dangerous if you use it right
Just about anything can be "safe" if "used right" - that's a caveat big enough to land a 747 in, one only need define all unsafe uses as incorrect for it to become a truism that tells us nothing. And that's a pretty defensible definition for anything web facing!
Statistics will eventually catch up to us, and we will eventually find new and novel ways to use things wrong despite all attempts not to. Ergo: exec is dangerous. With care, you may safely navigate the danger.
For my own curiosity, I looked at some of the source. I'd fear parsing all those $ and {}s in strings to verify they're all awk variables and not PHP variables would quickly desensitize me to actual errors when reviewing or auditing such code. I'm not a PHP dev: Hopefully you have lint tools or somesuch less ignorable than syntax highlighting to catch the stray typo which eludes human review? As others have mentioned, lack of sudo is far from sufficient protection.
I think it is amazing with all the great suggestions everyone here support this post with. Much appreciated - thank you :-) I will add them to the post later, as a list with an URL to their website.
