Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
88 lines (56 sloc) 2.22 KB

Welcome to Django-runcommands documentation!

runcommands: execute system commands from urls.

Quickstart

Install the application:

pip install django-runcommands

And then add an entry for the runcommand's view in your URLCONF, for each command you wish to make accessible:

# urls.py
from runcommands.views import RunCommandView


urlpatterns = patterns(
    '',
    url(r'^hello/$', RunCommandView.as_view(command='echo Hello World')),
    url(r'^top/$', RunCommandView.as_view(command='top -b -n1')),
)

Your command outputs are now available at /hello/ and /top/.

Hacking

Setup your environment:

git clone https://github.com/magopian/django-runcommands.git
cd django-runcommands

Hack and run the tests using Tox to test on all the supported python and Django versions:

make test

Why

Have you every wanted to allow someone to simply run a command on your production server, but without having to provide her with a ssh access, create her a (restricted?) account, train her to connect using ssh...

Let's take a few use cases:

  • deploy the latest version of the website: run a git pull, send the HUP signal to gunicorn...
  • get metrics from the server, the easy and simple way: du, df, who, top -b -n1...
  • clean sessions, update cache
  • plug a web hook (from github or bitbucket) to automatically do something on the server on each commit

Security

Yes, this is a potential security hole. If you configure a url that'll run rm -rf, you might have an issue on your hands.

In a more general way, if the command takes some time/cpu/memory, you'll provide an easy way to an attacker to DOS your server.

You should definitely protect those urls, using decorators like login-required or permission_required...