3

So I'm a Linux fan and word is spreading. People bring their laptops to me to have a new installation. Now I want to help people more easily without requiring them to bring me their laptop. I'm looking for an application that would allow me to:

  • Download a puppet script from my server or easily feed a script sent via email into it,
  • Authenticate the script and make sure it originates from myself (GnuPG comes to mind here),
  • Run the script as root via puppet, so it can make the necessary system changes,
  • Send the output as an email to me.

Is there something out there that would allow me to do this with the correct controls in place? Doesn't necessarily have to be puppet, bash or ansible or whatever would be nice as well. SSH is not an option, most home connections that people use are behind a NAT router. I do not want a direct access connection, just the ability to tell someone "here, run this script the way I showed you" without them having to open a terminal.

I'm thinking about writing something to do this, but there might be something out there that I'm simply not aware of?

Tim Stoop
  • If it matters, I generally install Linux Mint, but a solution would preferably be desktop-agnostic. – Tim Stoop Jun 04 '15 at 15:48
  • Attention: Running admin scripts from an Internet server or email is exactly the propagation vector of computer viruses, which most security packages do try to block. Are you sure you want to open this doorway on your friends' computers? – harrymc Jun 09 '15 at 14:15
  • 1
    Hence the signing. I want a secure solution, where trust is explicitly given. – Tim Stoop Jun 09 '15 at 15:08
  • Digital signatures can be counterfeited. – harrymc Jun 09 '15 at 15:17
  • I think you can make a huge amount of money if you can counterfeit GnuPG signatures without the private key! It's Pretty Good ;-) – Tim Stoop Jun 09 '15 at 15:19
  • What about _teamviewer_? They speak well about it. I love Linux but **it is not magic**. It's difficult to realize a unique script (and keep it always updated) able to install a Linux distribution on different trademark laptops... and/or to fix problems that will arise... Better if your friends ask for __remote help__ _on demand_... If you are asking yourself if it works behind NAT [just read it](https://www.teamviewer.com/en/help/9-Does-it-work-behind-firewalls-proxy-server-and-NAT-routers) – Hastur Jun 10 '15 at 11:42
  • I can do remote help just fine by utilising OpenVPN and ssh, but I'd rather give them the option to simply run scripts themselves. We're not talking repartitioning or something here, just stuff like installing Spotify. Things that are easy to do with a puppet script (for example), but very hard if you just want to **use** computers without learning about them. That's why they asked my help in the first place, they want it to Just Work(tm). – Tim Stoop Jun 10 '15 at 11:46
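
The verify-then-run flow the question asks for, as an added example (not code from the question, the comments or either answer). It pins the helper's full key fingerprint and decides from `gpg --status-fd` lines rather than from gpg's exit code or a key ID. `PINNED_FPR`, `REPORT_TO`, `sig_is_trusted` and `verify_and_run` are hypothetical names, the fingerprint and address are constructed placeholders, and it assumes `gpg`, a working `mail` command, and that the wrapper is started as root.

```shell
#!/bin/sh
# Added example: hypothetical wrapper, not an existing tool.
# Constructed placeholders: replace with the helper's real fingerprint and address.
PINNED_FPR="0123456789ABCDEF0123456789ABCDEF01234567"
REPORT_TO="helper@example.invalid"

# Reads `gpg --status-fd` lines on stdin. Succeeds only if there is exactly
# one valid signature whose PRIMARY key fingerprint equals $1 and no failure status.
sig_is_trusted() (
  pinned="$1"; valid=0; bad=0
  while IFS= read -r line; do
    case "$line" in
      "[GNUPG:] VALIDSIG "*)
        # The last VALIDSIG field is the primary-key fingerprint, so a
        # signature made with a signing subkey still matches the pin.
        if [ "${line##* }" = "$pinned" ]; then valid=$((valid + 1)); else bad=1; fi ;;
      "[GNUPG:] BADSIG "*|"[GNUPG:] ERRSIG "*|"[GNUPG:] EXPSIG "*|\
      "[GNUPG:] EXPKEYSIG "*|"[GNUPG:] REVKEYSIG "*)
        bad=1 ;;
    esac
  done
  [ "$valid" -eq 1 ] && [ "$bad" -eq 0 ]
)

# Usage: verify_and_run SCRIPT DETACHED_SIG KEYRING
# Verifies and runs one private copy, so the bytes checked are the bytes executed.
verify_and_run() (
  script="$1"; sig="$2"; keyring="$3"
  copy=$(mktemp) || exit 1
  trap 'rm -f "$copy"' EXIT
  cat "$script" > "$copy" || exit 1
  if gpg --batch --no-default-keyring --keyring "$keyring" \
         --status-fd 1 --verify "$sig" "$copy" 2>/dev/null \
       | sig_is_trusted "$PINNED_FPR"
  then
    # Mail the combined output back to the helper, as the question asks.
    sh "$copy" 2>&1 | mail -s "script output from $(hostname)" "$REPORT_TO"
  else
    echo "signature check failed, script not run" >&2
    exit 1
  fi
)

# Only act when called with the three expected arguments.
if [ "$#" -eq 3 ]; then verify_and_run "$@"; fi
```

A valid signature proves origin, not freshness: an old signed script keeps verifying, so include a version or expiry check inside the signed script if replay of earlier scripts matters.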

2 Answers

0

Why reinvent the wheel? If these are "Just Work" type folks, they aren't going to want to deal with downloading a script, making it executable, sudo'ing, etc., that goes along with installing Linux programs.

I'd give them a basic rundown on using the built-in Software Manager/Software Center. Once they know how it works, they can install 99% of what they want without your intervention. This also mitigates the issues of authenticating a script and letting a script run wild with root privileges.

I'll also strongly recommend TeamViewer. It makes it easy for them to reach out for help without having to mess with configuration. I use it on several computers, all behind NAT routers.

kazoni
  • That's what I want the thing to solve, download from my server and deploy. No saving and making executable or anything, just "here's the script" and drag it onto an icon or something. You know, something easy to do even for your great-grandmother. :) TeamViewer requires me being available and I prefer doing stuff asynchronously. – Tim Stoop Jun 11 '15 at 13:25
0

If you'll bite the bullet to maintain your own update repositories, you can modify the config file of "people"'s update manager to point at your repository, and any patch you built will be pulled by the system at the designated time.

cheong00