Jason and Dan, Thank you for the info and suggestions. It took a while, but we got it running.
One thing that I'm experiencing seems odd. I created an account, logged in, made a worksheet. When I save and quit the worksheet, I go back to my home page. If I click sign out, nothing happens. If I kill the browser window, then open a new one and go back to the server, I get my home page (without logging in). If I quit firefox, then I do have to login. But! If I open a worksheet and don't quit it, then it seems to keep running even after I quit firefox. I restart firefox, relogin and there it is, the worksheet still running. This seems odd, is that how it should be? Won't this lead to a lot of unused stuff being stored when people, unthinkingly leave notebooks open? Also shouldnt sign out send me back to the login page? Is there a setting that needs to be ... set? Mike On Mar 6, 6:46 pm, Jason Grout <jason-s...@creativetrax.com> wrote: > On 3/6/12 2:53 PM, Mike OS wrote: > > > > > > > > > > > I'd like to set up a sage notebook server at my campus. Since this is > > beyond my expertise, I asked the College IT specialists to handle it. > > Of course, they are very concerned about vulnerabilities, so they > > will only allow access from on campus. > > > We browsed some of the available information and most concerns Ubuntu > > not OS X. I received the following from Bill Morris, our IT guru. > > Could anyone answer his questions and validate his understanding of > > things? Also, please address the overarching issue, which I have > > seen discussed quite a bit in recent posts: security in setting up a > > server. > > > Thank you! > > > --------------------- I invested a couple of hours yesterday trying > > to unwind the "setting up a sage server" question. I think the issues > > are these: > > > 1. Sage's notebook server is built in to sage ... it is likely the > > same sort of python based web server as is used in zope. > > I don't think it's the same as zope, but it is a python-based web > server. Sage uses the twisted web server [1]. > > > 2. Coupling sage with apache is basically running apache with little > > more than a proxy to port 8000, the port sage's notebook server runs > > on. > > That's correct. Well, it's really a "reverse proxy". > > > > > > > > > > > > > 3. The part of the "how-to" instructions that leave me coldest are > > the "here is where we create the accounts sage1 ... sageN" on the > > server and try our best to keep people from exploiting them. They > > even go as far as talking about filesystem ACLs ... which tells me we > > don't want to go anywhere near this. > > > So, my question to you, as someone who hopefully understands the > > desired outcome better than I, is: > > > Does a sage notebook server require interactive logins? I'm > > thinking, but am not quite sure, that the interactive logins are for > > students to run sage from a command line, and as long as one creates > > sufficient accounts in the notebook server itself (not accounts on > > the host where the notebook server is hosted) the notebook server can > > exist without interactive logins. > > When a user executes a worksheet on the Sage server, a sage session is > started up on the server to execute their commands. This sage session > is basically giving them shell access on the server. If you don't > create something like the sageN accounts (i.e., if you don't use the > server_pool option when starting up the notebook server), then this sage > session is started up as the notebook user (i.e., the sageserver user, > if you're following these instructions [1]). This is bad, because it > means that any notebook user can then delete the entire notebook data > directory (because their worksheet commands have those user > permissions). So instead, we create restricted sage0 through sage9 > accounts (one account is all that is really necessary). These > restricted accounts are used for executing user code. This provides > privilege separation between the Sage notebook server, which maintains > the list of worksheets and communicates with users, and the user code > that is being run. > > Does that help? > > It would help to add clarifications to the instructions. The page is a > wiki page---feel free to edit it to clarify things, if you'd like! Or > let your IT person know that they are welcome to create a wiki account > and edit it to make it more friendly to IT people. > > Thanks, > > Jason > > [1]http://twistedmatrix.com/trac/ > > [2]http://wiki.sagemath.org/SageServer -- To post to this group, send email to sage-support@googlegroups.com To unsubscribe from this group, send email to sage-support+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/sage-support URL: http://www.sagemath.org
