Find the answer to your Linux question:
Page 1 of 2 1 2 LastLast
Results 1 to 10 of 17
Hi. I am a newbie. Is it possible to Change the IP address of the server using bash CGI. If it is, can some one give me basic bash cgi ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jan 2012
    Posts
    6

    Changing the IP address of the server using bash CGI


    Hi.

    I am a newbie.

    Is it possible to Change the IP address of the server using bash CGI.

    If it is, can some one give me basic bash cgi code to do this?

    Please assist.

  2. #2
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,398
    Theoretically yes, but there is a high chance of
    - killing your connection or
    - disconnected the whole server or
    - interfere with the other server config (firewall, other listening daemons, sync processes, etc)

    Imho, there is a difference in what can be done vs what should be done.
    You must always face the curtain with a bow.

  3. #3
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,398
    Also, this cgi script will need elevated privileges, which is also not recommended.

    What do you actually try to achieve, what is your usecase?
    In general, dhcp can be used for central IP control.
    Usually at boot time.
    You must always face the curtain with a bow.

  4. #4
    Just Joined!
    Join Date
    Jan 2012
    Posts
    6
    I have a device which has a linux O.S onboard.
    I am attempting to create a webpage that will be used to configure the device (e.g. change the IP address from the webpage).
    I managed to view the environmental attributes form the webpage, but how do I change them (just the IP address)?

  5. #5
    Just Joined!
    Join Date
    Aug 2006
    Posts
    16

    why change IP

    There may be a number of reasons for changing IPs - and some of them might even be legitimate! Generally, though, there's a reason you've got the IP you have. It's either statically assigned, self-assigned or it was obtained from a DHCP server on the network.

    Static assignment has the advantage of independence from DHCP, which may be important in some server contexts. If you are doing static assignment, then you should make sure that the IP can't be assigned to another device through DHCP by having a chat with your network administrator. He or she will also be able to supply you with the netmask and default gateway for your network, which you'll need for doing the static assignment. It sounds from your question like you want to do static assignment.

    Self-assigned IPs (usually starting with 169.) happen generally when the network interface can't see a DHCP server within a reasonable amount of time. I have yet to find a good use for self-assigned IPs.

    Dynamically assigned IPs (provided by a DHCP server) are the preferred route for all but the very rare instance in modern networks. In a home network, it is often the wireless router which acts as a DHCP server, or the DSL/Cable modem. The DHCP server has the ability to associate your MAC number with an IP number, and if you don't manage the DHCP server, you should chat with the manager of the DHCP server to find out what the options are. If you are the manager, you might want to read the manual on the device that's providing DHCP to see how you can do these assignments.

    Notice how I'm saving for last the actual method for changing the IP number on your device. I'm trying to communicate that this is a bad idea, generally. However, if you insist...

    Depending on your distribution of Linux, a static number can be assigned in /etc/sysconfig/network/config (openSuSE) or a similar configuration file in other distributions, and "service network restart" be called to reinitialize the network card. You'll most likely lose connection with the server at this point.

    Of course, you can use the ifconfig command to do this directly, but if the distro's config hasn't been changed, the next time the network service is restarted you'll revert to the old IP.

    Here's the ifconfig syntax:

    Code:
    ifconfig eth0 <ipnumber> netmask <netmask>
    for example,
    Code:
    ifconfig eth0 192.168.1.33 netmask 255.255.255.0
    Note that the netmask has to be right. You can google or wikipedia that one.
    But this is only half the battle: you've now got to deal with the default route, also known as the gateway.
    When connected to any network, there needs to be an IP number that is set up to handle packets that belong to another network. That IP number is your default route. In the example above, any IP address not beginning with 192.168.1 needs to be reached through the gateway. (Which you understand because you just read the article on Netmasks.) Normally DHCP supplies this gateway, but since you're not doing DHCP, you need to get this info from your network manager. Once you've got it, then you can run the following command:
    Code:
    route add default gw <gateway>
    for example...
    Code:
    route add default gw 192.168.1.1
    All the best!
    John



    Quote Originally Posted by wayne213 View Post
    I have a device which has a linux O.S onboard.
    I am attempting to create a webpage that will be used to configure the device (e.g. change the IP address from the webpage).
    I managed to view the environmental attributes form the webpage, but how do I change them (just the IP address)?

  6. #6
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    Quote Originally Posted by wayne213 View Post
    I have a device which has a linux O.S onboard.
    I am attempting to create a webpage that will be used to configure the device (e.g. change the IP address from the webpage).
    I managed to view the environmental attributes form the webpage, but how do I change them (just the IP address)?
    What is the Linux distro of your device? Or what is it based on? Knowing this will help us to understand what network configuration files you'll need to modify.

    You'll need to use sudo (as Irithori hinted at) or something similar to be able to modify the network (either on the fly or permanently). This is assuming your Linux device's webserver is not running as root (e.g., Apache uses the apache or nobody account, typically), but others may happily run as root (thttpd does, or did, the last time I used it).

    Have you gotten a simple bash CGI script working yet? That is the first order of business, if you haven't gotten that far yet. I prefer using Perl for CGI scripts myself, as it is far more friendly to such things, but I'm guess you may not have it available on your device.

  7. #7
    Linux User
    Join Date
    Nov 2008
    Location
    Tokyo, Japan
    Posts
    260
    A lot of home routers have HTML interfaces that let you configure them using a web browser, so I am guessing this is the kind of thing you are looking to do.

    But CGI will only tell you the IP address, there is no way to change the IP address by simply changing the variable. You need to use "ifconfig" which will sever your connection, like Irithori said. If it were me, I would have the CGI it start a simple process in the background that waited like 5 seconds before resetting the IP address, and then resetting the web server. So your "background" script will look like this:
    Code:
    #!/bin/bash
    sleep 5            # wait for 5 seconds
    ifconfig "$@"      # set the IP address using parameters passed to this script
    apache2ctl restart # restart the web server with the new IP address
    Then your CGI script could use Sudo to run the "background" script by passing the same arguments you would pass to IFConfig:
    Code:
    export SUDO_ASKPASS="/path/to/password-program"
    sudo -A /path/to/scripts/background "$ETHDEV" "$IP" netmask "$MASK" gw "$GW" &
    and then have the CGI script present a message that the "settings will be changed in 5 seconds". Your CGI script may also want to redirect back to a login page.

    The code above has a "password-program". Make sure your permissions are in place, and that password program is only executable by the web server deamon:
    Code:
    chown apache password-program
    chmod 500 password-program
    This password program needs to output a plaintext password to the "sudo" program.

    The password program could be anything that outputs a plain-text password. It would be best if you had a more secure mechanism for retrieving a password, but even a simple, shell script will work as the password-program:
    Code:
    #!/bin/sh
    if [ "$(whoami)" == 'apache' ]
    then echo 'My-Apache-Admin-Password'
    else echo 'Up yours, hackzors.' >&2 ; exit 1
    fi
    Since Sudo is run by the web server daemon, you need to make sure the "apache" account has Sudo permissions set in the /etc/sudoers file.
    WARNING: This is very risky. If anyone figures out how to login to your system and change users to "apache" using Su or Sudo, they could create a CGI script that can execute malware as root using Sudo anytime by simply accessing a webpage on your server. This probably goes without saying, but NEVER do this on a mission critical server.
    Last edited by ramin.honary; 01-24-2012 at 04:48 AM.

  8. #8
    Just Joined!
    Join Date
    Jan 2012
    Posts
    6
    Isn't there a simpler way?

    The IP address of the device is the same as the server IP (The device is the server).
    For instance, opening the /etc/network/interfaces file using a grep command so that only the eth0 part of the file will show, and then change the IP address on the file, save it and restart the device.

    Is that possible?

  9. #9
    Linux User
    Join Date
    Nov 2008
    Location
    Tokyo, Japan
    Posts
    260
    Quote Originally Posted by wayne213 View Post
    Isn't there a simpler way?
    For instance, opening the /etc/network/interfaces file using a grep command so that only the eth0 part of the file will show, and then change the IP address on the file, save it and restart the device.

    Is that possible?
    Well, no, because you still need to execute "ifdown" and "ifup" after changing "/etc/network/intefaces" for the changes in that file to take effect, which requires root access just like using IFConfig. So using IFConfig is actually easier. You only edit /etc/network/interfaces when you want to make a permanent change that persists across reboots.

    And you still need to restart your web server daemon so it can use the new IP address. Without restarting the web server, you probably won't be able to access your computer via HTTP once IFConfig has executed. Restarting the web server at least requires access to web server administrator's user account, which may also require Sudo. That is why I suggested you put both commands, "ifconfig" and "apache2ctl restart" in a "background" script and execute it in one go.

    If you are thinking of wireless cards, for example how a laptop can easily change it's the IP address, this is possible because there are services like "DBus" which are already running as root on your system. But these services are also protected by the root password and can only be issued by Sudo, so again, IFConfig is easier.

    Finally, Grep cannot really edit files, it only displays selected lines from the contents of the file. Editing /etc/network/interfaces from within a script will require something a bit more complex, for example:
    Code:
    #!/bin/bash
    
    # This script must be run by "sudo" and must
    # have IPADDRESS, GATEWAY, and NETMASK all
    # defined on "sudo's" command line, like this:
    # sudo IPADDRESS="192.168.0.100" GATEWAY="192.168.0.1" NETMASK="255.255.255.0" /path/to/this/script
    
    
    # turn off networking
    ifdown eth0
    
    # modify the /etc/network/interfaces file
    cat >/etc/network/interfaces <<-__END__
    iface eth0 inet static
        address $IPADDRESS
        gateway $GATEWAY
        netmask $NETMASK
    __END__
    
    # start networking back up again.
    ifup eth0
    One thing you must realize, the IP address of a Linux computer is VERY important, and it is a terrible idea to let just anyone change it whenever they want over the internet. Even if you put in place password protections, the changes you make to your machine can introduce vulnerabilities that hackers can exploit more easily. It also can disrupt your web services, so changing the IP address might cause other programs that relied on that service to freeze. So the the IP address of the system is sacred, and there are many guards in place to make sure only the administrator can change it.

    That is why it is not as easy as it seems to change it from a CGI script, but you should be thankful for that.
    Last edited by ramin.honary; 01-24-2012 at 06:01 AM.

  10. #10
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    yes.

    you can do it pretty easily with sed. here is pseudo-code:

    Code:
    sed -i.bak 's/old_ipaddress/new_ipaddress/' /etc/network/interfaces
    you'll have to clean that up.

    if your web server is not run by root, you'll need a sudo entry for said user. There is a command called visudo that is a syntax-checking editor specifically for modifying the sudo file (/etc/sudoers, typically). you'll need to get the name of the user running your webserver, then create an entry like this:

    Code:
    web_user ALL = (root) NOPASSWD: /bin/sed
    That would allow the web user to go hog wild with the sed command. Not very wise. what would be better is if you write a script that takes IP information as args to it, then allow the web user to just run that command via sudo.

    e.g. your IP changing script (let's say /usr/local/bin/change_ip) might look like this (pseudo-code):
    Code:
    #!/bin/bash
    new_ip=$1
    new_nm=$2
    # these sed commands won't work as-is, fix them up
    sed -i.bak "s/old_ipaddr/$new_ip/" /etc/network/interfaces
    sed -i.bak "s/old_netmask/$new_nm/" /etc/network/interfaces
    then your sudo line would look like this:

    Code:
    web_user ALL = (root) NOPASSWD: /usr/local/bin/change_ip
    and in your CGI script you'd do something like:

    Code:
    sudo /usr/local/bin/change_ip $new_ip $new_nm
    you might also want to put in a sudo entry to restart networking or restart the box.

Page 1 of 2 1 2 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •