11 replies to this topic

[TheNavigator]

I'm making a way of communication between a site and a server. User uploads a python file, the server then compiles it and returns the output.

Everything works perfectly. The only problem is that script file can access other directories and mess with things. The script deals with only 2 files, "input" and "output". How can I make such thing? Any instructions?

Any help is much appreciated Thanks.

[trq]

You could create a user to execute this script and have this user locked down so as to only execute this particular script with access to only what it needs to do so.

[TheNavigator]

How to limit a user to a directory then? And would that work with nohup ?

Edited by TheNavigator, 09 November 2012 - 10:53 AM.

[trq]

You need to create a simple user to execute this service as. You then make the files this service requires access to be owned by that user.

The idea of someone being able to upload a script sounds dodgy, what exactly are you trying to do?

[TheNavigator]

Sorry for the late reply.

It's something very advanced and complicated (as reported by experts who are responsible for the informatic olympiads here. For me it wasn't that hard). An algorithm server.

Ever heard about Codeforces, TopCoder, USACO, Z-Training, etc. ? The international olympiad for informatics?

For your reply, that means I need to turn that "python script" into a service then. True?

Edited by TheNavigator, 15 November 2012 - 03:11 AM.

[trq]

Not really, you just need to create a user that will be in charge of executing it.

[TheNavigator]

And?

[trq]

And what? I don;t see what is sooooo difficult.

What is the issue?

[TheNavigator]

How to make a user and certain its permissions not to access other directories?

The user I use, although it's a sudoer, but without using sudo commands it can play with stuff, make files here and there, delete some files, etc.

How can I prevent this so the only directory the user can access is the one I specify it for him?

[trq]

Lock the rest of the system down. Users cannot generally create files or edit files anywhere that they can damage anything.

There is no simple one stop quick fix, it's just typical sys admin stuff. Can you be specific about where it is your stuck or what it is you don't understand?

[TheNavigator]

After searching for sometime, what I want to do is something like a chroot jail, or an rSSH. Locking the user to a specified directory. chroot looks fine but it's much more than what I actually need. I've also seen Jailkit, but I can't figure out how to make that work on CentOS

I guess I need more experience :|

[TheNavigator]

Never mind, I got it I thought that any user can access any directories, thankfully, by default, everything's secured

I know it's stupid, but I didn't know so because I rarely used a Linux system with multiple users