TheNavigator Posted November 9, 2012
I'm making a way of communication between a site and a server. The user uploads a Python file, the server then compiles it and returns the output. Everything works perfectly. The only problem is that the script file can access other directories and mess with things. The script deals with only 2 files, "input" and "output". How can I make such a thing? Any instructions? Any help is much appreciated. Thanks.

trq Posted November 9, 2012
You could create a user to execute this script and have this user locked down so as to only execute this particular script with access to only what it needs to do so.

TheNavigator Posted November 9, 2012
How to limit a user to a directory then? And would that work with nohup?
Edited November 9, 2012 by TheNavigator

trq Posted November 10, 2012
You need to create a simple user to execute this service as. You then make the files this service requires access to be owned by that user. The idea of someone being able to upload a script sounds dodgy, what exactly are you trying to do?

TheNavigator Posted November 15, 2012
Sorry for the late reply. It's something very advanced and complicated (as reported by experts who are responsible for the informatics olympiads here. For me it wasn't that hard). An algorithm server. Ever heard about Codeforces, TopCoder, USACO, Z-Training, etc.? The international olympiad for informatics? For your reply, that means I need to turn that "python script" into a service then. True?
Edited November 15, 2012 by TheNavigator

trq Posted November 15, 2012
Not really, you just need to create a user that will be in charge of executing it.

TheNavigator Posted November 15, 2012
And?

trq Posted November 15, 2012
And what? I don't see what is sooooo difficult. What is the issue?

TheNavigator Posted November 16, 2012
How to make a user and make certain its permissions don't allow access to other directories? The user I use, although it's a sudoer, can play with stuff without using sudo commands: make files here and there, delete some files, etc. How can I prevent this so the only directory the user can access is the one I specify for him?

trq Posted November 16, 2012
Lock the rest of the system down. Users cannot generally create files or edit files anywhere that they can damage anything. There is no simple one-stop quick fix, it's just typical sys admin stuff. Can you be specific about where it is you're stuck or what it is you don't understand?

TheNavigator Posted December 1, 2012
After searching for some time, what I want to do is something like a chroot jail, or an rSSH. Locking the user to a specified directory. chroot looks fine but it's much more than what I actually need. I've also seen Jailkit, but I can't figure out how to make that work on CentOS. I guess I need more experience :|

TheNavigator Posted December 2, 2012
Never mind, I got it. I thought that any user can access any directories; thankfully, by default, everything's secured. I know it's stupid, but I didn't know so because I rarely used a Linux system with multiple users.

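The dedicated-user approach suggested in this thread, sketched as an added example that is not code from any poster: each upload runs in a throwaway directory holding only the script, "input" and "output", as an unprivileged account, with a time limit and resource limits. The account name "judge", the function names and the limit values are assumptions.

```python
import os, pwd, resource, shutil, subprocess, sys, tempfile

def _cap(which, value):
    # Lower a limit without exceeding the hard limit already in force.
    hard = resource.getrlimit(which)[1]
    new = value if hard == resource.RLIM_INFINITY else min(value, hard)
    resource.setrlimit(which, (new, new))

def _limits():
    # Runs in the child just before exec.
    _cap(resource.RLIMIT_CPU, 10)         # CPU seconds
    _cap(resource.RLIMIT_FSIZE, 1 << 20)  # largest file it may write: 1 MiB
    _cap(resource.RLIMIT_CORE, 0)         # no core dumps

def run_submission(script_path, input_data, run_as=None, timeout=5):
    """Run one uploaded script in a throwaway job directory.

    run_as is the dedicated unprivileged account (hypothetical name such as
    "judge"); switching to it requires this runner to be root and Python 3.9+.
    None keeps the current user, which is only suitable for local testing."""
    with tempfile.TemporaryDirectory(prefix="job-") as job:
        shutil.copy(script_path, os.path.join(job, "solution.py"))
        with open(os.path.join(job, "input"), "w") as f:
            f.write(input_data)
        open(os.path.join(job, "output"), "w").close()
        ident = {}
        if run_as is not None:
            pw = pwd.getpwnam(run_as)
            # The job directory is mode 0700, so only its owner can enter it.
            for name in ("", "solution.py", "input", "output"):
                os.chown(os.path.join(job, name), pw.pw_uid, pw.pw_gid)
            ident = {"user": pw.pw_uid, "group": pw.pw_gid, "extra_groups": []}
        # Pass only what the interpreter needs, not the server's environment.
        env = {k: os.environ[k] for k in ("PATH", "LD_LIBRARY_PATH")
               if k in os.environ}
        try:
            proc = subprocess.run(
                [sys.executable, "-I", "solution.py"], cwd=job, env=env,
                stdin=subprocess.DEVNULL, stdout=subprocess.DEVNULL,
                stderr=subprocess.DEVNULL, preexec_fn=_limits,
                timeout=timeout, **ident)
            status = "ok" if proc.returncode == 0 else "error"
        except subprocess.TimeoutExpired:
            status = "timeout"  # subprocess.run() has already killed the child
        with open(os.path.join(job, "output"), errors="replace") as f:
            return {"status": status, "output": f.read()}
```

The account can still write to world-writable locations such as /tmp and read world-readable files, so the permissions on the rest of the system still decide what a submission can reach.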