Isolating a Rails app?


#1

I’m trying to isolate some Rails apps I will be running on a shared
server;
by isolate I mean I want the application to be unable to access any of
the
filesystem below its root. These apps are from a few different people
and I
don’t want them to accidentally (or purposefully) blow someone else’s
files
away. I would just create a unique user for all of them, but I don’t
want
them to have shell access (and I don’t exactly have a lot of shell
accounts
flying about the give away being on a shared server and all). I’ve been
toying with permissions and ownership but I can’t seem to cook up the
right
formula and I don’t know if Rails offers some config option that I’m
unaware
of. Do any of you Rails/sysadmin wizzes have any ideas?

–Jeremy McAnally


#2

On Thu, Mar 23, 2006 at 07:35:11PM -0500, Jeremy McAnally wrote:
} I’m trying to isolate some Rails apps I will be running on a shared
} server; by isolate I mean I want the application to be unable to
access
} any of the filesystem below its root. These apps are from a few
} different people and I don’t want them to accidentally (or
purposefully)
} blow someone else’s files away. I would just create a unique user for
} all of them, but I don’t want them to have shell access (and I don’t
} exactly have a lot of shell accounts flying about the give away being
on
} a shared server and all). I’ve been toying with permissions and
} ownership but I can’t seem to cook up the right formula and I don’t
know
} if Rails offers some config option that I’m unaware of. Do any of you
} Rails/sysadmin wizzes have any ideas?

Run your apps under Mongrel or something in a chroot. It doesn’t matter
what user it runs under. You can use Apache’s mod_proxy to route
appropriate URLs to the apps.

} --Jeremy McAnally
–Greg