Forum: Ruby on Rails Isolating a Rails app?

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Jeremy McAnally (Guest)
on 2006-03-24 02:35
(Received via mailing list)
I'm trying to isolate some Rails apps I will be running on a shared
server;
by isolate I mean I want the application to be unable to access any of
the
filesystem below its root.  These apps are from a few different people
and I
don't want them to accidentally (or purposefully) blow someone else's
files
away.  I would just create a unique user for all of them, but I don't
want
them to have shell access (and I don't exactly have a lot of shell
accounts
flying about the give away being on a shared server and all).  I've been
toying with permissions and ownership but I can't seem to cook up the
right
formula and I don't know if Rails offers some config option that I'm
unaware
of.  Do any of you Rails/sysadmin wizzes have any ideas?

--Jeremy McAnally
Gregory S. (Guest)
on 2006-03-24 03:28
(Received via mailing list)
On Thu, Mar 23, 2006 at 07:35:11PM -0500, Jeremy McAnally wrote:
} I'm trying to isolate some Rails apps I will be running on a shared
} server; by isolate I mean I want the application to be unable to
access
} any of the filesystem below its root.  These apps are from a few
} different people and I don't want them to accidentally (or
purposefully)
} blow someone else's files away.  I would just create a unique user for
} all of them, but I don't want them to have shell access (and I don't
} exactly have a lot of shell accounts flying about the give away being
on
} a shared server and all).  I've been toying with permissions and
} ownership but I can't seem to cook up the right formula and I don't
know
} if Rails offers some config option that I'm unaware of.  Do any of you
} Rails/sysadmin wizzes have any ideas?

Run your apps under Mongrel or something in a chroot. It doesn't matter
what user it runs under. You can use Apache's mod_proxy to route
appropriate URLs to the apps.

} --Jeremy McAnally
--Greg
This topic is locked and can not be replied to.