Bill Walton
2007-Mar-26 16:59 UTC
File permissions for Rails app - how much can I lock it down?
I want to lock down my site as much as possible and would like to set the file permissions as restrictively as possible.

Is there any reason that any file used by my app but not in the /public directory needs or should have Read, Write, or eXecute for Public permissions?

Thanks,
Bill
Ezra Zygmuntowicz
2007-Mar-26 21:37 UTC
Re: File permissions for Rails app - how much can I lock it down?
If you are running mongrel then all of your app's code outside of public can be locked down to just the user that mongrel runs as.

-Ezra

On Mar 26, 2007, at 9:59 AM, Bill Walton wrote:
> I want to lock down my site as much as possible and would like to set the file permissions as restrictively as possible.
>
> Is there any reason that any file used by my app but not in the /public directory needs or should have Read, Write, or eXecute for Public permissions?
>
> Thanks,
> Bill

-- Ezra Zygmuntowicz
-- Lead Rails Evangelist
-- ez-NLltGlunAUd/unjJdyJNww@public.gmane.org
-- Engine Yard, Serious Rails Hosting
-- (866) 518-YARD (9273)
Bill Walton
2007-Mar-26 22:10 UTC
Re: File permissions for Rails app - how much can I lock it down?
Hi Ezra,

Ezra Zygmuntowicz wrote:
> If you are running mongrel then all of your app's code outside of public can be locked down to just the user that mongrel runs as.

Thanks much for that info. Does that change when I stop / start mongrel? Like its pid? Or is it a constant? In any event, I assume that mongrel is at least part of the Group, so I can get started on changing all the Public permissions anyway. Thanks!

Best regards,
Bill
Russell Norris
2007-Mar-27 15:51 UTC
Re: File permissions for Rails app - how much can I lock it down?
Wouldn't you want log to be an exception? I just this weekend locked my username out of a logfile created by my app and had to read it as root. Heh.

RSL

On 3/26/07, Bill Walton <bill.walton-xwVYE8SWAR3R7s880joybQ@public.gmane.org> wrote:
> Hi Ezra,
>
> Ezra Zygmuntowicz wrote:
> > If you are running mongrel then all of your app's code outside of public can be locked down to just the user that mongrel runs as.
>
> Thanks much for that info. Does that change when I stop / start mongrel? Like its pid? Or is it a constant? In any event, I assume that mongrel is at least part of the Group, so I can get started on changing all the Public permissions anyway. Thanks!
>
> Best regards,
> Bill
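Added example, not part of the thread or any poster's code: a shell sketch of the lock-down discussed above, with the log exception. It assumes a standard Rails layout (app/, config/, log/, public/) already owned by the user mongrel runs as, and that an admin account shares the app's group; the function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example. Assumptions: standard Rails tree, owned by the mongrel user;
# the root path is passed without a trailing slash.

# Print every path outside public/ that grants any permission bit to "other".
# The root directory is skipped: a front-end web server running as another
# user may need to traverse it to reach public/.
audit_other_bits() {
    root=$1
    find "$root" -path "$root/public" -prune -o \
        ! -path "$root" ! -type l \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Restrict everything outside public/ to the owning user. log/ is the
# exception: it keeps group read so an admin in the group can read logs
# without becoming root.
lock_down() {
    root=$1
    find "$root" -path "$root/public" -prune -o -path "$root/log" -prune -o \
        ! -path "$root" ! -type l -exec chmod go-rwx {} +
    if [ -d "$root/log" ]; then
        chmod -R u+rwX,g+rX,g-w,o-rwx "$root/log"
    fi
}

# Constructed sample tree with typical permissive defaults (755 / 644).
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/app" "$t/config" "$t/log" "$t/public"
    : > "$t/config/database.yml"
    : > "$t/log/production.log"
    : > "$t/public/index.html"
    chmod 755 "$t" "$t/app" "$t/config" "$t/log" "$t/public"
    chmod 644 "$t/config/database.yml" "$t/log/production.log" \
        "$t/public/index.html"
    printf '%s\n' "$t"
}

# Demo: list offenders, lock down, list again (second listing is empty).
demo=$(make_sample_tree)
audit_other_bits "$demo"
lock_down "$demo"
audit_other_bits "$demo"
rm -rf "$demo"
```

New log files are created with the server process's umask, so a umask of 027 for the mongrel user keeps later log files group-readable and closed to everyone else.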
Bill Walton
2007-Mar-27 16:31 UTC
Re: File permissions for Rails app - how much can I lock it down?
Hi Russell,

Exactly the kind of thing I imagined myself doing, and why I asked here before I dug myself into a hole ;-) Thanks.

Bill

----- Original Message -----
From: Russell Norris
To: rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
Sent: Tuesday, March 27, 2007 10:51 AM
Subject: [Rails] Re: File permissions for Rails app - how much can I lock it down?

Wouldn't you want log to be an exception? I just this weekend locked my username out of a logfile created by my app and had to read it as root. Heh.

RSL

On 3/26/07, Bill Walton <bill.walton-xwVYE8SWAR3R7s880joybQ@public.gmane.org> wrote:

Hi Ezra,

Ezra Zygmuntowicz wrote:
> If you are running mongrel then all of your app's code outside of public can be locked down to just the user that mongrel runs as.

Thanks much for that info. Does that change when I stop / start mongrel? Like its pid? Or is it a constant? In any event, I assume that mongrel is at least part of the Group, so I can get started on changing all the Public permissions anyway. Thanks!

Best regards,
Bill