On Oct 17, 1:09 am, "William Stein" <[EMAIL PROTECTED]> wrote:
> On 10/16/07, Timothy Clemans <[EMAIL PROTECTED]> wrote:
>
>
>
> > I don't think it is the main jails you would block since they have to
> > receive and send data in order for the public to access them. Maybe
> > you would block the pool of sage__ users from accessing the net using
> > Iptables. (this might be helpful -->
> >http://www.thescripts.com/forum/thread705507.html) Also maybe you
> > could have a whitelist for the sloane database and the others.
>
> You're right; that's exactly what I want to do. I want to make it so the
> working pool sage* users can't use the network in any way. They are
> users in the chroot jail, so the question is -- how can I make it so a
> given user can't use the internet on a unix machine, assuming said
> user doesn't hack the machine and become a different user?
>
I would suggest not to actually use unixy infrastructure to create the
users. But that certainly involves a decent amount of coding to do
your own user creation/permission management and so on. Trying to
secure unix user accounts seems doomed in my opinion. Using IP tables
is also pointless because you have http[s] access and can bring in
everything you need that way. It is just a little bit more effort.
> And yes, I know, if only I would release a "SageLite" that was the sage
> notebook without the hard-to-build Sage math library, then all kinds
> of unix gurus would just solve all these problems for me (since then the
> notebook would be popular and independently interesting beyond Sage).
> I really want to do that.
>
I agree.
> William
Cheers,
Michael
--~--~---------~--~----~------------~-------~--~----~
To post to this group, send email to sage-devel@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/sage-devel
URLs: http://sage.scipy.org/sage/ and http://modular.math.washington.edu/sage/
-~----------~----~----~----~------~----~------~--~---
