
EXT: Web Shell

Author: Kasper Skårhøj
Created: 2002-11-01T00:32:00
Changed: 2010-03-11T19:23:16
Author: Andreas Beutel
Email: typo3@mehrwert.de


Extension Key: mw_shell

Copyright 2003-2010, Andreas Beutel, <typo3@mehrwert.de>

This document is published under the Open Content License available from http://www.opencontent.org/opl.shtml

The content of this document is related to TYPO3 - a GNU/GPL CMS/Framework available from www.typo3.com

Table of Contents

EXT: Web Shell
  Introduction
    What does it do?
    Screenshots
  Users manual
    How to use it
  Known problems
    Limitations
    Safe Mode
  To-Do list
  Changelog

Introduction

What does it do?

The web shell provides limited shell access to a UNIX server running TYPO3. It is a tool for executing arbitrary shell commands or browsing the filesystem on your remote web server, and it replaces, to a degree, a normal SSH connection. You can use it to transfer your site as a compressed file and then unpack it on the web server, or to administer and maintain your website with commands like ps, free, du and df. The module is available only to TYPO3 backend admins and should be used with care. If you don't know what you're doing, you may damage your TYPO3 installation! It adds a new menu entry in the »Tools« section of the backend.

  • You may execute any available command on the server (through PHP shell_exec())
  • Commands are executed with the privileges of the user running the web server process
  • It is a tool only for experienced users who have no shell access but must execute some special commands

Screenshots

On first access the shell tries to read the MOTD (Message of the Day) and prompts you to enter a command. The default path is the document root of the web server.


Users manual

When using the shell you may not be the same user as when you upload your files with FTP. On some systems you will be 'nobody', on other systems you will become 'httpd' or 'www-data'. This is a rather dangerous "feature" of the shell! So use it at your own risk.

How to use it

The web shell has the following elements:

The command input box

Here you can type a command, and when you press the "Execute command" button the command will be executed in the current working directory.

If your command is 'cd something', then it won't be executed like an ordinary command - the current working directory will be updated instead. This works with both relative and absolute paths.

And if your command is 'ls', then it will be changed to 'ls -F'. This makes ls append indicators to the filenames: directories end with a slash, executable files will end with an asterisk and so on.

The current working directory

This is the directory in which all commands are executed. You can use the dropdown box to choose a new working directory. To quickly jump toward the root of the filesystem, just click on one of the links to jump to that directory.

The Output

The output from your commands goes here. You can scroll through the box if the output is too large to fit inside. Only output written to stdout goes into the Output box. This can be rather confusing, because sometimes you just don't get any output. There is a workaround that fixes the problem most of the time. If you select "Enable stderr-trapping", your command <cmd> will be executed this way:

<cmd> 1> /tmp/output.txt 2>&1; cat /tmp/output.txt; rm /tmp/output.txt

It is done by simply appending the arguments to your command. It redirects all output from your command to a file, both stdout and stderr. It then shows the file, and cleans things up when finished. It's quick and dirty, and will only work if you haven't already redirected the output.
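Because the redirection is appended, it binds only to the last command on the line, and every request shares the same fixed file in /tmp. The following is an added example, not code from the extension, that compares the appended form with a grouped redirection on a two-command line; the function names and the sample command are constructed for illustration, and a private temporary file stands in for /tmp/output.txt.

```shell
#!/bin/sh
# Added example, not code from mw_shell. Function names are hypothetical.

# Mimic PHP shell_exec(): run a command line with sh -c, return stdout only.
php_shell_exec() {
    sh -c "$1" 2>/dev/null
}

# The module's stderr trapping: redirect arguments appended to the command.
# The module uses the fixed path /tmp/output.txt; $2 stands in for it so
# the demo writes to a private file instead.
trap_appended() {
    php_shell_exec "$1 1> $2 2>&1; cat $2; rm $2"
}

# Alternative: group the whole command line and merge stderr into stdout.
# There is no temporary file for concurrent requests to collide on, and the
# redirection covers every command on the line, not just the last one.
trap_grouped() {
    php_shell_exec "{ $1
} 2>&1"
}

# Constructed sample input: two commands, the first writes to stderr.
demo_cmd='echo first >&2; echo second'

demo_trapping() {
    tmp=$(mktemp) || return 1
    printf 'appended: %s\n' "$(trap_appended "$demo_cmd" "$tmp" | tr '\n' ' ')"
    printf 'grouped:  %s\n' "$(trap_grouped "$demo_cmd" | tr '\n' ' ')"
    rm -f "$tmp"
}

demo_trapping
```

With the appended form the stderr line from the first command is lost; the grouped form returns both lines.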

There is no general manual about UNIX commands, so you should know the basics about UNIX and Linux to use this module. Some examples show the principle.

Examples

Here are some examples of Unix commands you can execute. They may be helpful if, for example, you want to change directory permissions or untar/unzip some files. This is not a command reference, just some examples.

Command   Options           Example                     Description
which     (none)            which ls                    Shows the complete path to the command.
ls        -l, -a, -la       ls -la                      Displays the content of a directory (normally set in the path-field).
chmod     -R                chmod 775 filename.ext      Change permissions of an object.
chown     -R                chown wwwrun filename.ext   Change ownership of an object.
tar       -x, -v, -z, -f    tar -xzf filename.tar.gz    Expand a gzipped tar-file in the current directory.
rm        (none)            rm filename.ext             Delete a file. Unrecoverable!

Known problems

Limitations

There are some limitations on what kind of programs you can run. It won't do any good to start something like Netscape or even vi. All programs have to be strictly command-line programs, and they have no chance of getting user input after they have been launched. They probably also have to terminate within 30 seconds, as this is the default time limit imposed on all PHP scripts to prevent them from running in an infinite loop. Your ISP may have set this time limit to something else. But you can rely on all the normal shell functionality, like pipes, output and input redirection, etc. (There is no <tab>-completion, though :-)

Safe Mode

If PHP is running in Safe Mode, then you cannot use PhpShell - sorry. Safe Mode restricts the commands that can be executed using the shell_exec() call in PHP, and it also restricts the files and directories that can be accessed using other calls in PHP.

The effect is, that PhpShell simply doesn't work - you cannot change directory and you cannot execute any commands.

Safe Mode is often used on servers that host several websites for different users, to limit the users' ability to peek at each other's files.

  • This module reveals all the security problems that exist on a host due to shell command execution and misconfiguration of PHP! It is meant to be a tool for admins who are experienced in using a command line shell (without having real shell access).
  • Sometimes output from commands will not be displayed
  • You may have to specify the complete path to the command to execute it (use which <command> to find it out)
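Safe Mode was deprecated in PHP 5.3 and removed in PHP 5.4, so on later PHP versions the setting that decides whether shell_exec() is callable is the disable_functions directive; open_basedir restricts PHP's own file functions, not programs started through the shell. As an added example (not part of the extension), this shell function reports whether shell_exec() is disabled in a given php.ini; the function name and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of mw_shell. shell_exec_state is a hypothetical
# helper; the two ini files below are constructed samples.

# Print "disabled" or "enabled" for shell_exec() according to the php.ini $1.
shell_exec_state() {
    # The last uncommented disable_functions line wins. Strip the key, any
    # trailing ; comment, quotes and blanks, and lowercase the names.
    list=$(sed -n 's/^[[:space:]]*disable_functions[[:space:]]*=//p' "$1" \
        | tail -n 1 | sed 's/;.*$//' | tr -d ' \t"' | tr 'A-Z' 'a-z')
    # Wrap in commas so only an exact function name matches.
    case ",$list," in
        *,shell_exec,*) echo disabled ;;
        *)              echo enabled ;;
    esac
}

demo_ini() {
    dir=$(mktemp -d) || return 1
    # Constructed sample: open_basedir is set, but nothing is disabled.
    printf '%s\n' 'open_basedir = /var/www/site' 'disable_functions =' \
        > "$dir/weak.ini"
    # Constructed sample: command-execution functions are disabled.
    printf '%s\n' \
        'disable_functions = exec,passthru,shell_exec,system,popen,proc_open' \
        > "$dir/hardened.ini"
    echo "weak.ini:     $(shell_exec_state "$dir/weak.ini")"
    echo "hardened.ini: $(shell_exec_state "$dir/hardened.ini")"
    rm -r "$dir"
}

demo_ini
```

The function reads a single file; additional ini files and per-pool overrides also contribute, so confirm the result against the effective configuration that phpinfo() reports under the web server.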

To-Do list

History for last 10 commands (JavaScript), so one can select previously used commands and modify them.

Changelog

  • 2003-09-03 first public release
  • 2004-01-02 Complete rewrite. Is now based on PhpShell by Martin Geisler. The manual also contains parts of the original readme. PhpShell is copyright (C) 2000-2003 Martin Geisler <gimpster@gimpster.com>. It is licensed under the GNU GPL.
  • 2004-02-22 Added minor features and did a code review and cleanup
  • 2005-02-10 Minor update to support open_basedir (Thanks to Michael Stucki for the input on this issue!)
  • 2010-03-11 Minor update to support PHP 5.3: removed deprecated ereg() (Thanks to Florian for the input on this issue!) and fixed a minor bug in explode statement for current path
