Forum: Ruby on Rails Dedicated ROR server and security

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- and Ruby-related community platforms.
Nauhaie (Guest)
on 2006-05-06 11:14
Hi all,

I am trying to set up a dedicated Ruby on Rails server on Debian Sarge,
with Apache 2 and mod_fcgid. There are 2-3 applications on this server,
using virtual hosts. For now, everything works fine.

However, I would like to secure this a little bit more. What I would
like is to prevent one of the web apps from running a shell command to read
one of the other apps' source files, or worse, modify them. With PHP, there
was basedir which did the job if I remember correctly.

So, what I would like is a way to 'chroot' all fcgid processes from one
app to the app's directory. Could suexec do the job? I couldn't find any
tutorial... I don't really need the fcgid process to be run as a special
user, I just need it to be unable to access what it should not access.

Thank you in advance ;-)