Forum: Ruby on Rails File permissions for Rails app - how much can I lock it down

Bill Walton (Guest)
on 2007-03-26 19:00
(Received via mailing list)
I want to lock down my site as much as possible and would like to set
the file permissions as restrictively as possible.

Is there any reason that any file used by my app but not in the /public
directory needs or should have Read, Write, or eXecute for Public
permissions?

Thanks,
Bill
Ezra Zygmuntowicz (Guest)
on 2007-03-26 23:39
(Received via mailing list)
If you are running mongrel then all of your app's code outside of
public can be locked down to just the user that mongrel runs as.

-Ezra


-- Ezra Zygmuntowicz
-- Lead Rails Evangelist
-- ez@engineyard.com
-- Engine Yard, Serious Rails Hosting
-- (866) 518-YARD (9273)
Bill Walton (Guest)
on 2007-03-27 00:12
(Received via mailing list)
Hi Ezra,

Ezra Zygmuntowicz wrote:

> If you are running mongrel then all of your app's code outside of
> public can be locked down to just the user that mongrel runs as.

Thanks much for that info.  Does that change when I stop / start
mongrel?  Like its pid?  Or is it a constant?  In any event, I assume
that mongrel is at least part of the Group, so I can get started on
changing all the Public permissions anyway.  Thanks!

Best regards,
Bill
Russell Norris (Guest)
on 2007-03-27 17:54
(Received via mailing list)
Wouldn't you want log to be an exception? I just this weekend locked my
username out of a logfile created by my app and had to read it as root.
Heh.

RSL
Bill Walton (Guest)
on 2007-03-27 18:35
(Received via mailing list)
Hi Russell,

Exactly the kind of thing I imagined myself doing, and why I asked here
before I dug myself into a hole ;-)  Thanks.

Bill
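
Added example (not posted by anyone in the thread): a shell sketch of the lockdown discussed above, which reports anything outside public/ that still grants "other" access, removes it, and keeps log/ group-readable so an admin account is not locked out. The function names are hypothetical, and it assumes the user mongrel runs as owns the tree and the admin who reads logs is in the tree's group.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumptions: the user mongrel
# runs as owns the app tree; the admin who reads logs is in its group.
# Pass the app root without a trailing slash.

# Print every path outside public/ that grants any permission to "other".
# The root directory itself is skipped so public/ stays reachable, and
# symlinks are skipped because their own mode bits are not meaningful.
audit_other_perms() {
    root=$1
    find "$root" -path "$root/public" -prune -o \
        ! -path "$root" ! -type l \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Strip all "other" access outside public/, then make log/ readable by
# the group so log files are not restricted to the app user alone.
lock_down() {
    root=$1
    find "$root" -path "$root/public" -prune -o \
        ! -path "$root" ! -type l -exec chmod o-rwx {} +
    if [ -d "$root/log" ]; then
        # X adds search permission on directories only, not on log files.
        chmod -R g+rX "$root/log"
    fi
}

# When run with an app root as argument, report only; change nothing.
if [ "$#" -gt 0 ]; then
    audit_other_perms "$1"
fi
```

Run the audit first and review its output before calling lock_down; log files the app creates later get their mode from the umask of the mongrel process, not from this script.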