This project is not covered by Drupal’s security advisory policy.
This module is intended for drupal sites running on shared hosting environments, or any server where the user does not have access to an SSH shell or terminal, but would like one. It provides an ajaxy web-based pseudo-shell, letting web users more comfortable with a shell environment perform operations like wget, patch, gzip, rm, etc. In this way, they can perform almost any valid linux/unix commands, including running their own scripts.
Important Detail: This module works by simply passing what the user types through PHP to the server, and capturing the output. Be VERY careful with what users you allow to access this module. Authorized users will be able to edit and delete files from your web server! If you do not set any permissions on who can access Shell, then by default only the admin user will be able to access it.
- Most Linux/Unix commands are available and work as expected. Note: commands or programs which require user interaction (like emacs or vi, for example) will not work correctly. Luckily:
- There is a built-in file editor which will be available to the user when they type "vi, vim, emacs, or simply edit" and a file name.
- The "man" command will provide a link to an off-site web based man page.
- Features a tab-autocomplete, just like most real shells.
- Can be loaded into a popup (or multiple popups)
- Your Drupal site needs to be on a Linux/Unix server, not Windows.
- You must have PHP's Safe Mode turned off. This is the default for most servers. I tested Shell on a server with Safe Mode and it did not work. If others could test and report back, that would be great.
This project was inspired by the phpterm project by bzrundi, located here: http://phpterm.sourceforge.net/
- Maintenance status: Seeking co-maintainer(s)
- Development status: Maintenance fixes only
- Module categories: Utility
- Reported installs: 136 sites currently report using this module. View usage statistics.
- Downloads: 5,600
- Automated tests: Enabled
- Last modified: March 10, 2017
- This project is not covered by the security advisory policy.
Use at your own risk! It may have publicly disclosed vulnerabilities.