Specific Permissions For A Python Script


11 replies to this topic

#1 TheNavigator

TheNavigator

    Advanced Member

  • Members
  • 44 posts

Posted 09 November 2012 - 09:39 AM

I'm making a way of communication between a site and a server. User uploads a python file, the server then compiles it and returns the output.

Everything works perfectly. The only problem is that script file can access other directories and mess with things. The script deals with only 2 files, "input" and "output". How can I make such thing? Any instructions?

Any help is much appreciated :) Thanks.

#2 trq

trq

    Advanced Member

  • Administrators
  • 31,032 posts
  • LocationSydney, Australia.

Posted 09 November 2012 - 09:43 AM

You could create a user to execute this script and have this user locked down so as to only execute this particular script with access to only what it needs to do so.

http://thorpesystems.com | http://proemframework.org | http://github.com/trq

SmtpCatcher - A very simple mock sendmail useful for testing PHP mail scripts.
OPM - My Linux package manager.


#3 TheNavigator

TheNavigator

    Advanced Member

  • Members
  • 44 posts

Posted 09 November 2012 - 10:52 AM

How to limit a user to a directory then? And would that work with nohup ?

Edited by TheNavigator, 09 November 2012 - 10:53 AM.


#4 trq

trq

    Advanced Member

  • Administrators
  • 31,032 posts
  • LocationSydney, Australia.

Posted 10 November 2012 - 04:01 AM

You need to create a simple user to execute this service as. You then make the files this service requires access to be owned by that user.

The idea of someone being able to upload a script sounds dodgy, what exactly are you trying to do?



#5 TheNavigator

TheNavigator

    Advanced Member

  • Members
  • 44 posts

Posted 15 November 2012 - 03:09 AM

Sorry for the late reply.

It's something very advanced and complicated (as reported by experts who are responsible for the informatic olympiads here. For me it wasn't that hard). An algorithm server.

Ever heard about Codeforces, TopCoder, USACO, Z-Training, etc. ? The international olympiad for informatics?

For your reply, that means I need to turn that "python script" into a service then. True?

Edited by TheNavigator, 15 November 2012 - 03:11 AM.


#6 trq

trq

    Advanced Member

  • Administrators
  • 31,032 posts
  • LocationSydney, Australia.

Posted 15 November 2012 - 04:41 AM

Not really, you just need to create a user that will be in charge of executing it.



#7 TheNavigator

TheNavigator

    Advanced Member

  • Members
  • 44 posts

Posted 15 November 2012 - 07:31 AM

And? :)

#8 trq

trq

    Advanced Member

  • Administrators
  • 31,032 posts
  • LocationSydney, Australia.

Posted 15 November 2012 - 04:32 PM

And what? I don't see what is sooooo difficult.

What is the issue?



#9 TheNavigator

TheNavigator

    Advanced Member

  • Members
  • 44 posts

Posted 16 November 2012 - 01:48 AM

How to make a user and certain its permissions not to access other directories?

The user I use, although it's a sudoer, but without using sudo commands it can play with stuff, make files here and there, delete some files, etc.

How can I prevent this so the only directory the user can access is the one I specify for him?

#10 trq

trq

    Advanced Member

  • Administrators
  • 31,032 posts
  • LocationSydney, Australia.

Posted 16 November 2012 - 04:54 AM

Lock the rest of the system down. Users cannot generally create files or edit files anywhere that they can damage anything.

There is no simple one-stop quick fix, it's just typical sys admin stuff. Can you be specific about where it is you're stuck or what it is you don't understand?



#11 TheNavigator

TheNavigator

    Advanced Member

  • Members
  • 44 posts

Posted 01 December 2012 - 08:37 AM

After searching for some time, what I want to do is something like a chroot jail, or an rSSH. Locking the user to a specified directory. chroot looks fine but it's much more than what I actually need. I've also seen Jailkit, but I can't figure out how to make that work on CentOS.

I guess I need more experience :|

#12 TheNavigator

TheNavigator

    Advanced Member

  • Members
  • 44 posts

Posted 02 December 2012 - 07:30 AM

Never mind, I got it :) I thought that any user can access any directories; thankfully, by default, everything's secured.

I know it's stupid, but I didn't know so because I rarely used a Linux system with multiple users.
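
Editor's added example (not posted by anyone in this thread): a way to verify the thread's conclusion instead of assuming it, by listing everything under a directory tree that a dedicated script-runner account could modify according to the classic Unix mode bits. The sandbox uid, the directory layout and the file names are constructed for illustration; the check ignores ACLs, SELinux and the search permission on parent directories.

```python
import os
import stat
import tempfile


def writable_by(st, uid, gids):
    """Classic Unix rule: exactly one permission class applies, owner first."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit_writable(root, uid, gids=()):
    """Return sorted paths under root that uid can modify by mode bits alone."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits are not meaningful
            if writable_by(st, uid, gids):
                hits.append(path)
    return sorted(hits)


def build_sample_tree():
    """Constructed layout: a private job directory plus two permission mistakes."""
    root = tempfile.mkdtemp(prefix="judge-audit-")
    os.chmod(root, 0o755)
    for rel, mode in (("jobs", 0o755), ("jobs/42", 0o700),
                      ("shared", 0o777), ("site", 0o755)):
        path = os.path.join(root, rel)
        os.mkdir(path)
        os.chmod(path, mode)  # explicit chmod so the umask does not interfere
    conf = os.path.join(root, "site", "config.py")
    with open(conf, "w") as fh:
        fh.write("# constructed sample file\n")
    os.chmod(conf, 0o666)
    return root


if __name__ == "__main__":
    tree = build_sample_tree()
    sandbox_uid = os.lstat(tree).st_uid + 1  # stand-in for the runner account
    for path in audit_writable(tree, sandbox_uid):
        print("writable by sandbox user:", path)
```

On a real host, pass the runner account's uid and group ids (for example from `pwd.getpwnam`) and point `root` at the web root and any data directories; the only hits should be the job directory that holds "input" and "output".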



