On 3/6/12 2:53 PM, Mike OS wrote:
I'd like to set up a sage notebook server at my campus. Since this is
beyond my expertise, I asked the College IT specialists to handle it.
Of course, they are very concerned about vulnerabilities, so they
will only allow access from on campus.

We browsed some of the available information and most concerns Ubuntu,
not OS X.  I received the following from Bill Morris, our IT guru.
Could anyone answer his questions and validate his understanding of
things? Also, please address the overarching issue, which I have
seen discussed quite a bit in recent posts: security in setting up a
server.


Thank you!

---------------------
I invested a couple of hours yesterday trying
to unwind the "setting up a sage server" question. I think the issues
are these:

1. Sage's notebook server is built in to sage ... it is likely the
same sort of python based web server as is used in zope.


I don't think it's the same as zope, but it is a python-based web server. Sage uses the twisted web server [1].



2. Coupling sage with apache is basically running apache with little
more than a proxy to port 8000, the port sage's notebook server runs
on.

That's correct.  Well, it's really a "reverse proxy".



3. The part of the "how-to" instructions that leaves me coldest is
the "here is where we create the accounts sage1 ... sageN" on the
server and try our best to keep people from exploiting them. They
even go as far as talking about filesystem ACLs ... which tells me we
don't want to go anywhere near this.

So, my question to you, as someone who hopefully understands the
desired outcome better than I, is:

Does a sage notebook server require interactive logins? I'm
thinking, but am not quite sure, that the interactive logins are for
students to run sage from a command line, and as long as one creates
sufficient accounts in the notebook server itself (not accounts on
the host where the notebook server is hosted) the notebook server can
exist without interactive logins.


When a user executes a worksheet on the Sage server, a sage session is started up on the server to execute their commands. This sage session is basically giving them shell access on the server. If you don't create something like the sageN accounts (i.e., if you don't use the server_pool option when starting up the notebook server), then this sage session is started up as the notebook user (i.e., the sageserver user, if you're following these instructions [2]). This is bad, because it means that any notebook user can then delete the entire notebook data directory (because their worksheet commands have those user permissions). So instead, we create restricted sage0 through sage9 accounts (one account is all that is really necessary). These restricted accounts are used for executing user code. This provides privilege separation between the Sage notebook server, which maintains the list of worksheets and communicates with users, and the user code that is being run.

Does that help?

It would help to add clarifications to the instructions. The page is a wiki page---feel free to edit it to clarify things, if you'd like! Or let your IT person know that they are welcome to create a wiki account and edit it to make it more friendly to IT people.

Thanks,

Jason

[1] http://twistedmatrix.com/trac/

[2] http://wiki.sagemath.org/SageServer
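
Added example (not part of the original message, and not Sage's own code): a Python audit of which paths in a notebook data directory a given account could modify, comparing the case where user code runs as the server account (no server_pool) with a separate restricted account. The directory layout, file names and uid/gid stand-ins are constructed for illustration, and only POSIX mode bits are checked, not filesystem ACLs.

```python
import os
import stat
import tempfile

def writable_by(st, uid, gids):
    """Can a process with this uid/gids write, judging by POSIX mode bits only?"""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_notebook_dir(root, uid, gids):
    """List paths under root the given account could alter (a writable
    directory also lets it delete or replace the entries inside)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if not stat.S_ISLNK(st.st_mode) and writable_by(st, uid, gids):
                findings.append(os.path.relpath(path, root))
    return sorted(findings)

def demo():
    """Constructed data directory; file names are illustrative only."""
    with tempfile.TemporaryDirectory() as root:
        keep = os.path.join(root, "worksheets.db")
        loose = os.path.join(root, "settings.conf")
        shared = os.path.join(root, "uploads")
        for p in (keep, loose):
            open(p, "w").close()
        os.mkdir(shared)
        os.chmod(root, 0o700)
        os.chmod(keep, 0o600)
        os.chmod(loose, 0o666)   # misconfigured: world-writable
        os.chmod(shared, 0o777)  # misconfigured: world-writable
        owner = os.lstat(root)
        # Same account as the server (no server_pool): everything is exposed.
        same = audit_notebook_dir(root, owner.st_uid, {owner.st_gid})
        # Separate account (stand-in uid/gid for sage0): only the loose paths.
        separate = audit_notebook_dir(root, owner.st_uid + 1, {owner.st_gid + 1})
        return same, separate

if __name__ == "__main__":
    print(demo())
```

On a real host, pass the uid and group ids of the restricted account and the actual notebook data directory to `audit_notebook_dir`; an empty result means the mode bits give that account no write access.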

--
To post to this group, send email to sage-support@googlegroups.com
To unsubscribe from this group, send email to 
sage-support+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/sage-support
URL: http://www.sagemath.org
