On Thu, Mar 23, 2006 at 07:35:11PM -0500, Jeremy McAnally wrote:
} I''m trying to isolate some Rails apps I will be running on a shared
} server; by isolate I mean I want the application to be unable to access
} any of the filesystem below its root. These apps are from a few
} different people and I don''t want them to accidentally (or
purposefully)
} blow someone else''s files away. I would just create a unique user
for
} all of them, but I don''t want them to have shell access (and I
don''t
} exactly have a lot of shell accounts flying about the give away being on
} a shared server and all). I''ve been toying with permissions and
} ownership but I can''t seem to cook up the right formula and I
don''t know
} if Rails offers some config option that I''m unaware of. Do any of
you
} Rails/sysadmin wizzes have any ideas?
Run your apps under Mongrel or something in a chroot. It doesn''t matter
what user it runs under. You can use Apache''s mod_proxy to route
appropriate URLs to the apps.
} --Jeremy McAnally
--Greg