How to design a web application to manage many server nodes?

[Schubert]

There are currently more than 10 web server nodes. These server nodes
can be logged in using a root/public account. Then users can run a
series of management commands under CLI mode.

I currently have a web application. This application can add these
server nodes, and run the commands on the web application GUI.

My questions is, why I don't need to log in these server nodes to run
the commands? How to design and implement this web application. It is
already a product, so I don't know how it was designed and
implemented. The web application is using Jsp, but i am not sure what
the database it is using, probably oracle.

Anyone has some ideas?

 

[derek]

I dont understand your question.

First you say this: "These server nodes
can be logged in using a root/public account. Then users can run a series of management commands under CLI mode."

Then you say this: "My questions is, why I don't need to log in these server nodes to run the commands?"

These two statements don't match. Do you need to logon or not?
Are you asking how to logon? Are you asking why they need to logon? Are you asking why they dont need to logon? Are you asking something completely different?

 

[Schubert]

I dont understand your question.

First you say this: "These server nodes
can be logged in using a root/public account. Then users can run a series of management commands under CLI mode."

Then you say this: "My questions is, why I don't need to log in these server nodes to run the commands?"

These two statements don't match. Do you need to logon or not?
Are you asking how to logon? Are you asking why they need to logon? Are you asking why they dont need to logon? Are you asking something completely different?

Hi, I am asking something completely different. There are two cases.
One is to login to these servers directly. The other is just to login
to the web application and do not need to login these server again.
In the second case, after I have logged in to the web application, why
I don't need to log in these servers one by one to execute the
commands, which were originally need to be logged in and run?

Are there any mapping done there?

Thanks,Schubert

 

[Martin Gregorie]

Hi, I am asking something completely different. There are two cases.
One is to login to these servers directly. The other is just to login
to the web application and do not need to login these server again.
In the second case, after I have logged in to the web application, why
I don't need to log in these servers one by one to execute the
commands, which were originally need to be logged in and run?

Are there any mapping done there?

If your web servers are running as root (or the user its running under
has root privileges) then the applications may well "just run" and are
accessible to the world: probably that's not a good idea.

You should at least put a password on the page that runs them. For
Apache you'd put it in a separate directory along with a file called
..htaccess that contains something like:

==========start of .htaccess content=========
AuthName "Sensitive details"
AuthType Basic
AuthUserFile /usr/local/etc/sensitive.pw

require valid-user

Order Allow,Deny
Allow from yourlan.domain
==========end of .htaccess content===========

where the file referenced by AuthUserFile is someplace that's not
accessible to the web server and contains a valid username and encrypted
password. Use htpasswd to create this file.

If you consider this to be too lightweight for decent security you
should consider running the webserver in a chroot jail or remove this
function from your web server.