command
The 'command' directive in the NGINX Execute module allows the execution of system commands via HTTP requests.
Description
The 'command' directive is configured within a location block of an NGINX server block and accepts a single argument, which activates the handler for the execution of shell commands. When enabled (set to 'on'), it allows HTTP GET or POST requests with specific arguments to execute shell commands on the server. The commands are parsed from the request parameters, specifically looking for the pattern 'system.run[command]'.
The module parses incoming requests and extracts the command to be executed from the URL arguments. This extraction is done using a simple parsing function that identifies the command and any associated parameters. After executing the command using a dedicated execution function, the result is collected and returned to the client as the response payload. It's important to note that the commands run have to be suitable for the permissions of the NGINX process, and therefore careful consideration should be given to security when using this functionality.
Due to the potential for execution of arbitrary commands, it is advisable to only enable the 'command' directive in trusted environments or disable it completely in production settings. The module also discards commands that require user interaction or are continuous processes, as they are not designed to fit into the HTTP request-response model.
Config Example
location / {
root html;
index index.html index.htm;
command on;
}Ensure that the commands executed do not require user interaction, as they will not function properly.
Be cautious about security implications of exposing command execution via HTTP; restrict command types and input validation is essential.
Remember that the permissions of the NGINX user affect which commands can be successfully executed.