Granting SSH access to a Ruby on Rails user


#1

I installed Rails and Rubygems on a web server for a customer who wants
to install a Ruby on Rails application that he developped.

He needs SSH access to interact with Ruby, so I’ll have to grant him
access, but I want him to only play around in his /home directory, as
this server also hosts other customers. How could I do that?

Thanks,


#2

Basic users in *nix systems are restrictied to only changing things in
their
home directory. Be sure not to put the user in any groups that are more
powerful (e.g. wheel)

~ Ben


#3

On 12 Jan 2006, at 19:25, Charles wrote:

I installed Rails and Rubygems on a web server for a customer who
wants
to install a Ruby on Rails application that he developped.

He needs SSH access to interact with Ruby, so I’ll have to grant him
access, but I want him to only play around in his /home directory, as
this server also hosts other customers. How could I do that?

Setup a Jailshell:
http://gentoo-wiki.com/HOWTO_chroot_login

More secure, use Jailkit:
http://olivier.sessink.nl/jailkit/

Or sell him a VM to play with :smiley:

Yours,
Craig

Craig W. | t: +44 (0)131 516 8595 | e: removed_email_address@domain.invalid
Xeriom.NET | f: +44 (0)131 661 0689 | w: http://xeriom.net


#4

On Thu, 2006-01-12 at 20:25 +0100, Charles wrote:

I installed Rails and Rubygems on a web server for a customer who wants
to install a Ruby on Rails application that he developped.

He needs SSH access to interact with Ruby, so I’ll have to grant him
access, but I want him to only play around in his /home directory, as
this server also hosts other customers. How could I do that?

This is more of a question for a Unix user group not a Rails list. :slight_smile:

If you provide them SSH and have Ruby and RubyGems (with Rails
installed)… they should be able to play with it.

Robby


/**************************************************************

  • Robby R., Founder & Executive Director *
  • PLANET ARGON, LLC | www.planetargon.com *
  • Ruby on Rails Development, Consulting, and Hosting *
  • Portland, Oregon | p: 503.351.4730 | f: 815.642.4068 *
  • blog: www.robbyonrails.com | book: www.programmingrails.com *
    ***************************************************************/

#5

Hi all,

On Friday 13 January 2006 06:50, Robby R. tried to type something
like:

If you provide them SSH and have Ruby and RubyGems (with Rails
installed)… they should be able to play with it.
Or you can build a rail app to have them do so … :slight_smile:

This was also meant seriously. I run a (small) hosting company, and have
people use rssh (www.pizzashack.org/rssh/index.shtml). This is a child
forked
by ssh and therewith people can run sftp. A friend of mine runs
dreamwaver (a
win/flash dev app), and uploads with sftp very nicely.

So with a web app you can have people install gems, or you can provide
them
with a default set, and make them available yourself when requested.

Depending on the people who login on, the following is good to keep in
mind.
When people have access to a shell prompt over ssh, they’re past the
outside
perimiter (your firewall), and you have to keep a closer look at
software
exploits, rootkits and other flaws within your system.

A jailed ssh environment, can be done but has some angles, you should
look at.

regards,

Gerard.

Robby


“Who cares if it doesn’t do anything? It was made with our new
Triple-Iso-Bifurcated-Krypton-Gate-MOS process …”

My $Grtz =~ Gerard;
~
:wq!