View Issue Details

IDProjectCategoryView StatusLast Update
0000536unrealircdpublic2022-06-19 20:21
ReporterPoisonDart316 Assigned Tosyzop  
PrioritynormalSeverityfeatureReproducibilityN/A
Status closedResolutionno change required 
Product Version3.2-beta13 
Summary0000536: Config changes through WEB
DescriptionHello this is kind of an outrageous idea since it probally wont happen, maybe because of security flaws or what not, but I was thinking that Unreal should have a thing where u can edit a persons config file through a web page if you set an OPER to have access to it. They have one in Conference Room (the gayest ircd), but it would be a good idea.
TagsNo tags attached.
3rd party modules

Relationships

related to 0003140 resolvedsyzop RPC communication 
related to 0004501 closedsyzop An XML-RPC interface. 

Activities

codemastr

2002-12-14 17:12

reporter   ~0000849

This is actually on todo. Yes you are right there are security problems, but there are ways around that as well. You can for example only allow certain hostmasks to access the interface, also require a login/passwd, etc.

vorte[x]

2003-01-20 18:08

reporter   ~0001120

I've already started on making PHP scripts for this - Its coming along quite nicely - Currently shows IRCd status/logs and Epona services status/logs along with some minor FTP/SSHd status on the linux/unix boxes.

Stealth

2004-10-19 21:48

reporter   ~0008046

wow... this is old. I kinda like the idea. I wonder what happened to it on the todo list.

syzop

2004-10-19 23:16

administrator   ~0008049

Last edited: 2004-10-19 23:21

This got moved to Unreal3.3*
It was/is planned to be a webserver-in-unreal, in fact *some* of that stuff was present in Unreal3.2*.. obviously since it never became anything working it got removed, we'll have a new opportunity for doing this in 3.3, and then in a more cleaner way :).

edited on: 2004-10-19 23:21

w00t

2004-10-24 07:54

reporter   ~0008099

Makes the future sound rather exciting O_O

aquanight

2004-10-30 21:42

reporter   ~0008189

Last edited: 2004-10-30 21:43

Only thing is, I fear this might become a method for lazy admins to "generate" a config file without having to read anything, thus this interface should only be available when the ircd successfully starts, and the configuration changes should only apply in-memory (e.g., a manual /rehash will undo everything). Naturally in this case changes requiring a restart (such as editing the me block or unloading a permanent module) should not be available.

edited on: 2004-10-30 21:43

Stealth

2004-10-30 21:53

reporter   ~0008190

> Only thing is, I fear this might become a method for lazy admins to "generate" a config file without having to read anything

I think they weren't exactly thinking about making a config GUI on the web interface... that would take too much time to maintain.

Also, you need a working config to start the IRCd, and you need to start the IRCd to access it through the web. If the conf is bad, the IRCd doesnt start, you dont get a web interface. There will simply be nothing there to respond to the web requests.

codemastr

2004-10-31 12:03

reporter   ~0008197

[quote]thus this interface should only be available when the ircd successfully starts[/quote]
Well, this is pretty obvious. To configure the web interface you must first have an unrealircd.conf -- you need to be able to specify the IP:port it runs on, the list of user/passwords/hosts that can access it (and what access they get), etc. So if the unrealircd.conf doesn't already exist, the web interface can't exist either!

[quote]this interface should only be available when the ircd successfully starts, and the configuration changes should only apply in-memory[/quote]
That is exactly what we do *NOT* want to do. You can already add many lines in-memory, just type /kline, /gline, /sqline, for example. There would be no need for a web interface for this. The goal of the web interface is to make a "safe" shell. What I mean is, you are an admin. You link to a network that has a policy of requiring the netadmins to have shell access. This can be dangerous. You may have other things on the shell that the netadmins should never have to go anywhere near, or for that matter, that they have no business knowing you have. Maybe you run a database for a website that has personal information about customers, the netadmins should not have access to this. Additionally, shell access makes it easy for someone to accidentily screw something up. They rm the wrong file, they accidentily kill the wrong PID, etc.

This is where the web interface comes in. It provides a safe way for the netadmins to be able to make necessary configuration changes to your server, while at the same time preventing them from messing with anything else. It also makes them accountable because the log will show that they logged into the web interface and that they made some changes. So they can't go screw with stuff behind your back. Remember, if they have shell access, they can modify the logs. With the web interface, they can't.

It also provides a way to severely limit access (further making it safe). For example, I don't want my opers to edit the unrealircd.conf, but I do want them to be able to edit ircd.motd. My server uses a quote of the day type of thing in the MOTD, and I want my opers to be able to change the MOTD when they see a good quote. So I set them up with access to the web interface, but I limit them to the ircd.motd editor.

Lastly, it provides Windows users with a way to have a "shell." When you run Unreal on Windows, you can't give your co-admin shell access simpy because Windows does not have a shell. The web interface solves this.

[quote]I think they weren't exactly thinking about making a config GUI on the web interface... that would take too much time to maintain.[/quote]
My basic idea for the web interface is:
status.html - basically a /lusers output
config.html - a basic unrealircd.conf editor (Similar to the one in the Windows version)
motd.html - same but for motd/rules/etc.
logs.html - log viewer (with some nice searching tools)

The thing is though, I intend the web interface to be module accessible. So just as an example, I'm sure Angrywolf would add a staff.html to configure his /staff module's staff list. So of course, if modules can do stuff, there would be the possibility that someone could create a fully "wizard" like config editor, however, I have no intention of including that in Unreal. The idea is to have a very basic system that provides a lot of power and configurability while also allowing it to be expandable, it is not designed to make users have less work to do.

aquanight

2004-10-31 12:13

reporter   ~0008198

Ah, I see where you're going with this. Just simple text editor showing the contents of unrealircd.conf and pressing the Submit button writes the file and rehashes the server? In that case, yes I think this would probably be a good idea :) .

syzop

2015-07-19 18:46

administrator   ~0018527

no longer on todo

Issue History

Date Modified Username Field Change
2004-10-19 21:48 Stealth Note Added: 0008046
2004-10-19 23:16 syzop Note Added: 0008049
2004-10-19 23:21 syzop Note Edited: 0008049
2004-10-24 07:54 w00t Note Added: 0008099
2004-10-30 21:42 aquanight Note Added: 0008189
2004-10-30 21:43 aquanight Note Edited: 0008189
2004-10-30 21:53 Stealth Note Added: 0008190
2004-10-31 12:03 codemastr Note Added: 0008197
2004-10-31 12:13 aquanight Note Added: 0008198
2015-07-19 18:46 syzop Note Added: 0018527
2015-07-19 18:46 syzop Status acknowledged => closed
2015-07-19 18:46 syzop Assigned To => syzop
2015-07-19 18:46 syzop Resolution open => no change required
2022-06-19 20:20 syzop Relationship added related to 0003140
2022-06-19 20:21 syzop Relationship added related to 0004501