2009/4/4 Thierry Dumont <tdum...@math.univ-lyon1.fr>:
> I am always preparing my Sage "University wide" server..
>
> I think I have a big security problem:
>
> Sage creates users (looking for this in my ldap server, but this changes
> nothing from a public server where everyone can create an account).
> Once an account is created, I can access and *destroy* all other
> accounts; it is sufficient for this to log in on the notebook, then to
> launch the python interpreter; at this point I can do:
>
> system('ls -l /scratch/sage/.sage/sage_notebook/worksheets/')
>
> and worse:
>
> system('rm -rf /scratch/sage/.sage/sage_notebook/worksheets/foo')
>
> Mmmpf...
>
> Is there any way to avoid this ?

Type

    sage: notebook?

and read:

-------------------------
    server_pool -- (default: None) list; this option specifies that
                   worksheet processes run as a separate user (chosen
                   from the list in the server_pool -- see below).

    4. I want to create a Sage notebook server that is open to anybody
    in the world to create new accounts. To run the Sage notebook
    publically (1) at a minimum run it from a chroot jail or inside a
    virtual machine (see wiki.sagemath.org/StartingTheNotebook and the
    Sage install guide) and (2) use a command like

        notebook(address='', server_pool=['sa...@localhost'], ulimit='-v 500000', accounts=True)

    The server_pool option specifies that worksheet processes run as a
    separate user. The ulimit option restricts the memory available to
    each worksheet processes to 500MB. See help on the `accounts'
    option above.

    Be sure to make that the sage_notebook/nb.sobj and contents of
    sage_notebook/backups is chmod og-rwx, i.e., only readable by the
    notebook process, since otherwise any user can read nb.sobj, which
    contains user email addresses and account information (password
    are stored hashed, so fewer worries there). You will need to use
    the `directory' option to accomplish this.
-------------------------

To make things more secure you should have a bunch (e.g., 100)
accounts in the server_pool and not just one as it shows above.

We currently don't have something to 1:1 map users to accounts in the
server pool, but this would make it so nobody could touch anybody
else's files at all. Nobody has found the time to implement this,
though I think it would be quite easy.

William
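
The help text quoted in the reply requires nb.sobj and the contents of backups to be chmod og-rwx. The script below checks that requirement; it is an added example, not part of the original thread or of Sage. The function name audit_notebook_dir and the layout (nb.sobj and backups/ directly under the directory passed in) are assumptions.

```python
import os
import stat

# Group and other permission bits, i.e. what `chmod og-rwx` clears.
OG_BITS = stat.S_IRWXG | stat.S_IRWXO

def audit_notebook_dir(nb_dir, fix=False):
    """Return paths under nb_dir that group/other can still access.

    Checks nb.sobj and backups/ with everything below it, the files
    the notebook help text says must be chmod og-rwx. With fix=True
    the offending bits are cleared on each reported path.
    """
    targets = [os.path.join(nb_dir, "nb.sobj")]
    backups = os.path.join(nb_dir, "backups")
    if os.path.isdir(backups):
        targets.append(backups)
        for root, dirs, files in os.walk(backups):
            targets.extend(os.path.join(root, n) for n in dirs + files)

    exposed = []
    for path in targets:
        try:
            st = os.lstat(path)
        except FileNotFoundError:
            continue  # e.g. no nb.sobj yet on a fresh server
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode says nothing; skip it
        if st.st_mode & OG_BITS:
            exposed.append(path)
            if fix:
                os.chmod(path, stat.S_IMODE(st.st_mode) & ~OG_BITS)
    return exposed

if __name__ == "__main__":
    import sys
    # Usage: python audit_nb.py /path/to/sage_notebook [--fix]
    for p in audit_notebook_dir(sys.argv[1], fix="--fix" in sys.argv[2:]):
        print("group/other access:", p)
```

This covers only the nb.sobj and backups requirement; keeping worksheet processes away from other users' worksheets is what the server_pool option and the chroot or virtual machine are for.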