mrbadss Posted January 7, 2011 Share Posted January 7, 2011 How do you add a unmenu password to the web interface? Thanks, Reed Link to comment
Joe L. Posted January 7, 2011 Share Posted January 7, 2011 How do you add a unmenu password to the web interface? Thanks, Reed you cannot. It is an "awk" script, not a real web-server with security. Best you can do is install unRAID-web, then since it uses lighttpd add a password to its configuration and then not use the unMENU server at all. Link to comment
mrbadss Posted January 7, 2011 Author Share Posted January 7, 2011 ok, but when I put a root password in, the unraid menu (port 80) prompts me for a password but unmenu does not... Im learning linux so help me out here... .awk script? How is unmenu different than unraid web? How can I change the password? Forgive me but I am new to linux (but a quick study I think). Im trying to understand the architecture here... thanks, Reed Link to comment
Joe L. Posted January 7, 2011 Share Posted January 7, 2011 ok, but when I put a root password in, the unraid menu (port 80) prompts me for a password but unmenu does not... Im learning linux so help me out here... .awk script? How is unmenu different than unraid web? How can I change the password? Forgive me but I am new to linux (but a quick study I think). Im trying to understand the architecture here... thanks, Reed unRAID does not have a general purpose web-server. It has a very customized one known as "emhttp" which serves up the management web-pages. It has no ability to serve up arbitrary web-pages. Long ago I set out to explore improvements to the management interface trying to mock up many of the suggestions and desires mentioned in a thread on the forum. That thread is here: http://lime-technology.com/forum/index.php?topic=2110.0 My very first version of unMENU is shown here: http://lime-technology.com/forum/index.php?topic=2110.msg17888#msg17888 I found I was able to code a simple web-server using an interpreted language that existed on the unRAID server. That evolved into unmenu. The language I used is "awk". For the trivia fiends out there, "awk" was named by taking the last initial of the three authors who wrote it back at Bell Labs. Alfred V. Aho Peter J. Weinberger Brian W. Kernighan Al Aho is not too well known (he was the original author of "egrep" and "fgrep"), Pete Weinburger originally wrote libPW. (the regular expression library) Most will know Kernighan, he wrote the book on "C" language... I think he did a tiny bit of UNIX as well. You can see a manual page for GNU "awk" here: http://www.gnu.org/software/gawk/manual/gawk.html So.. unMENU is an "awk" script that listens on a port (8080) and pretends to be a web-server. It does a pretty decent job of pretending and I wrote it to be extensible... so it would be easy to add features and pages. It has no security, and cannot. awk does not provide the access to the low level TCP/IP interface I would need. (I doubt they even envisioned anybody being as crazy as I am to try to write a full featured server with it. Its authors just gave it the ability to read and write to network sockets... I took it from there.) uRAID-web is a package you can install using the package manager in unMENU. It installs a far more full-featured light-weight web-server that can have security added. "lighttpd" unRAID-web also installs "php" a language designed to be used on web-servers. unRAID-Web was written by BubbaQ. The thread describing it is here: http://lime-technology.com/forum/index.php?topic=3354.0 The unRAID-Web package also is designed to be extended. It contains an "extension" I wrote that allows you to invoke most of the unMENU pages. You can add security to unRAID-web, since it is a real web-server, but that is an exercise for you as it is well beyond the needs of 99.9% of its users. You can google lighttpd security to see how to configure it. There are no "GUI" screens to configure it, you need to do it in an editor. So, now you know almost as much as me... Joe L. Link to comment
SSD Posted January 7, 2011 Share Posted January 7, 2011 How do you add a unmenu password to the web interface? Thanks, Reed Some ideas are going through my head on how we might be able to validiate a root password (or something similar) before allowing access to unmenu. I'd have to discuss with Joe L. to see if it would be feasible. Can you please explain your goal in securing unMenu? Are you just trying to stop your family (non-technical users) from stumbling onto the page and messing up something or accessing something private? Or are you really trying to lock it down and be hacker proof so that you could expose the site over the Internet and feel well protected? Link to comment
mrbadss Posted January 8, 2011 Author Share Posted January 8, 2011 prevent someone from messing with it... so someone could go to that web page and essentially screw up the entire server... i just want simple password protection to prevent something stupid from happening. Reed Link to comment
kanth Posted January 22, 2011 Share Posted January 22, 2011 I have a method for semi-securing this I am working on. I understand quite well Joe's comments on why it can't be secured as it is an awk webserver on a port. He is right, there is no way of securing that. (or at least none I can think of off my head.. the fact that he wrote a webserver in AWK.. is awesomely crazy in itself... props to him!) However, he is also right that lighttpd can do this. I tried the UnRaid-Web plugin (unmenu plugin) that Joe wrote to do this. The issue with it is, some things don't work through the plugin. And that is kind of unacceptable to me. Also, I find, the only thing I really like in the unraid-web stuff is.. unmenu. And the start up of that requires a semi lengthy login.. (takes more than a few seconds). So without using that plugin. I am playing with it now, but I believe I can get it to work that if you go to tower:8080 it will prompt you for login credentials. If properly given it will execute a script that will stop the lighttpd server and then execute the unmenu server. You can do work and then via one of the custom user buttons, you can execute a stop of the unmenu server and a restart of the lighttpd server with the password. (I'm not sure if it would work exactly like that. I might have to just put two buttons in there.. Start Server, and Stop Server. Note that "while" the unmenu server is running, it would be unprotected. So the pattern would be hit the port, and do your work, then hit a LOGOUT button. Anyone hitting the server while it was in an unlocked state, would have access. It's not meant to truly be secure. But it is meant to stop some guy from randomly hitting it and messing up something. Note.. this security is just a little more convenient than stopping and starting unmenu from the command line. It still implies that unmenu would NOT be running except when you manually start and stop it. The only real difference is you wouldn't have to telnet in and execute it. I can probably add some code that would stop it (unmenu) after an hour or so. In case someone didn't hit a manual stop button. I'll have to think about it and play around with it. But hopefully I can put a package out there sometime next week. I have something working (a button starts unmenu) but it doesn't yet do all the pieces designed. I'll get back to this next week. (or over the weekend, since this interests me). Link to comment
Joe L. Posted January 22, 2011 Share Posted January 22, 2011 I have a method for semi-securing this I am working on. Sounds interesting... I understand quite well Joe's comments on why it can't be secured as it is an awk webserver on a port. He is right, there is no way of securing that. (or at least none I can think of off my head.. I've not thought of any yet either. Does not mean it is impossible, but it not easy. One possibility is to store a "session" cookie on the browser, and just initially put up a login page. the fact that he wrote a webserver in AWK.. is awesomely crazy in itself... props to him!)yeah, and now I'm describing session cookies, on an "awk" based web-server. However, he is also right that lighttpd can do this. I tried the UnRaid-Web plugin (unmenu plugin) that Joe wrote to do this. The issue with it is, some things don't work through the plugin. And that is kind of unacceptable to me. Also, I find, the only thing I really like in the unraid-web stuff is.. unmenu. And the start up of that requires a semi lengthy login.. (takes more than a few seconds).The reason for the lengthy login is that the "php" page I wrote as an extension is writing individual "php" "wrapper" pages for each of the unMENU plugin pages. Once that initial set of "php" pages is written, the unMENU extension works much more quickly. Ill be curious to learn what you discover but I think that session cookies might be the answer. Joe L. Link to comment
kanth Posted January 22, 2011 Share Posted January 22, 2011 Good idea on the session cookies. I'll try to work that into it. Might not make the first draft. I do unix administration as a job, and I have written some pretty NEAT things in php.. but unfortunately I don't use it but sparingly, and thus.. it seems I have forgotten it by the time it comes around to using it again. I can always get what I want to work. It just takes me 10 times as long to correctly grok the syntax. Link to comment
Joe L. Posted January 22, 2011 Share Posted January 22, 2011 Prior to writing the "php" extension for unRAID-web, I had not written any "php" pages. It was new syntax to me. The syntax is very similar to many other languages, and the programming concepts identical, so I just wrote the php extension to write itself. It is easier that way, since it tends to make fewer syntax errors. Have fun. unMENU is fairly easy to modify, since there are quite a few comments. We are just (a tiny bit) limited to what we can do through "awk's" tcp/ip interface.. Joe L. Link to comment
kanth Posted January 25, 2011 Share Posted January 25, 2011 Link to what I wrote is here: http://lime-technology.com/forum/index.php?topic=10491.0 Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.