I installed Rails and Rubygems on a web server for a customer who wants to install a Ruby on Rails application that he developped. He needs SSH access to interact with Ruby, so I''ll have to grant him access, but I want him to only play around in his /home directory, as this server also hosts other customers. How could I do that? Thanks, -- Posted via http://www.ruby-forum.com/.
Basic users in *nix systems are restrictied to only changing things in their home directory. Be sure not to put the user in any groups that are more powerful (e.g. wheel) ~ Ben On 1/12/06, Charles <me@privacy.net> wrote:> > I installed Rails and Rubygems on a web server for a customer who wants > to install a Ruby on Rails application that he developped. > > He needs SSH access to interact with Ruby, so I''ll have to grant him > access, but I want him to only play around in his /home directory, as > this server also hosts other customers. How could I do that? > > Thanks, > > -- > Posted via http://www.ruby-forum.com/. > _______________________________________________ > Rails mailing list > Rails@lists.rubyonrails.org > http://lists.rubyonrails.org/mailman/listinfo/rails >-- Ben Reubenstein benr@x-cr.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://wrath.rubyonrails.org/pipermail/rails/attachments/20060112/4c9053e1/attachment.html
On 12 Jan 2006, at 19:25, Charles wrote:> I installed Rails and Rubygems on a web server for a customer who > wants > to install a Ruby on Rails application that he developped. > > He needs SSH access to interact with Ruby, so I''ll have to grant him > access, but I want him to only play around in his /home directory, as > this server also hosts other customers. How could I do that?Setup a Jailshell: http://gentoo-wiki.com/HOWTO_chroot_login More secure, use Jailkit: http://olivier.sessink.nl/jailkit/ Or sell him a VM to play with :D Yours, Craig -- Craig Webster | t: +44 (0)131 516 8595 | e: craig@xeriom.net Xeriom.NET | f: +44 (0)131 661 0689 | w: http://xeriom.net
On Thu, 2006-01-12 at 20:25 +0100, Charles wrote:> I installed Rails and Rubygems on a web server for a customer who wants > to install a Ruby on Rails application that he developped. > > He needs SSH access to interact with Ruby, so I''ll have to grant him > access, but I want him to only play around in his /home directory, as > this server also hosts other customers. How could I do that? >This is more of a question for a Unix user group not a Rails list. :-) If you provide them SSH and have Ruby and RubyGems (with Rails installed)... they should be able to play with it. Robby -- /************************************************************** * Robby Russell, Founder & Executive Director * * PLANET ARGON, LLC | www.planetargon.com * * Ruby on Rails Development, Consulting, and Hosting * * Portland, Oregon | p: 503.351.4730 | f: 815.642.4068 * * blog: www.robbyonrails.com | book: www.programmingrails.com * ***************************************************************/
Hi all, On Friday 13 January 2006 06:50, Robby Russell tried to type something like:> If you provide them SSH and have Ruby and RubyGems (with Rails > installed)... they should be able to play with it.Or you can build a rail app to have them do so .. :-) This was also meant seriously. I run a (small) hosting company, and have people use rssh (www.pizzashack.org/rssh/index.shtml). This is a child forked by ssh and therewith people can run sftp. A friend of mine runs dreamwaver (a win/flash dev app), and uploads with sftp very nicely. So with a web app you can have people install gems, or you can provide them with a default set, and make them available yourself when requested. Depending on the people who login on, the following is good to keep in mind. When people have access to a shell prompt over ssh, they''re past the outside perimiter (your firewall), and you have to keep a closer look at software exploits, rootkits and other flaws within your system. A jailed ssh environment, can be done but has some angles, you should look at. regards, Gerard.> > Robby-- "Who cares if it doesn''t do anything? It was made with our new Triple-Iso-Bifurcated-Krypton-Gate-MOS process ..." My $Grtz =~ Gerard; ~ :wq!