Dedicated ROR server and security


#1

Hi all,

I am trying to set up a dedicated Ruby on Rails server on Debian Sarge,
with Apache 2 and mod_fcgid. There are 2-3 applications on this server,
using virtual hosts. For now, everything works fine.

However, I would like to secure this a little bit more. What I would
like is to prevent one of the web apps from running a shell command to read
one of the other apps’ source files, or worse, modify them. With PHP, there
was basedir which did the job if I remember correctly.

So, what I would like is a way to ‘chroot’ all fcgid processes from one
app to the app’s directory. Could suexec do the job? I couldn’t find any
tutorial… I don’t really need the fcgid process to be run as a special
user, I just need it to be unable to access what it should not access.

Thank you in advance :wink:
Nauhaie