Hi,
I have html page in my unix machine(server), which I will open with firefox or mozilla available in unix machine. Firefox or mozilla will be opened using x windows.
Since I have access to unix machien(like other users) and this HTML page is for user having access to Unix machine, I see no point in having webserver as I can use X windows instead to open HTML page.
However I am unable to find a way to execute shell script from this HTML page. Note this html page will be in same unix machine where my shell script resides.
There is a way to do this. However it requires many steps. There is a very good book on the subject: "CGI Programming on the World Wide Web" By Shishir Gundavaram. (ISBN: 1-56592-168-2)
whether or not it's possible with a modern browser or not is mostly irrelevant...it's just not a wise design choice all-around. Look at marketshare for HTAs under IE...
I'd venture a question of the OP: what makes you so against running an HTTPd on your machine? They don't all have to be heavy duty or burdensome. Look up Tiny-HTTP or similar lightweight, yet sturdy web server options.
Running HTTP server will require lots of permission.. hence not using HTTP.
However isn't it funny that through html page residing in unix machine, I cannot directly execute shell script in same unix machine? I feel there would be a way.
The reason is quite simple: the HTML page is only displayed in your browser. There's nothing executed outside. And whenever the browser access a local file it only reads it. No execution, no interpreting, ...
And that's a good thing too. Imagine, if you will, a malicious site tricks you into downloading a shell script. Nothing fancy, just a simple "rm -f" or a small fork bomb. All it then needed to do would be to provide you with a link to that script (simply done with JS for example), have the browser execute it, and BOOM.
As for the "permissions" issue: a small webserver like lighttpd can be set up in a matter of minutes, including CGI support.
Thanks I got yor point.
Since I was opening firefox from same unix machine where my shell script resides I thought I would get some kind of ADVANTAGE - like executing scripts directly/ (and)or ftp without need of login and password. Anyways it seems my expectaion was not correct
What action do you want the shell script to perform? This would be helpful in determining the best path for design, and for analyzing security risks. I would not recommend it, but if you're interested in having httpd (or whatever your Apache web server user/group is set to) be able to access and run the file as the owner, try looking into SUID/GID for Apache. If you're going to proceed, I would really look into CGI or a standard practice designed to avoid security pitfalls. It can be a pain to mess with permissions. However, the structure of permission based access is there for a reason.
