Forum: Ruby on Rails Granting SSH access to a Ruby on Rails user

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Eaa5275b7c8df78c4d4216169c3add10?d=identicon&s=25 Charles (Guest)
on 2006-01-12 20:25
I installed Rails and Rubygems on a web server for a customer who wants
to install a Ruby on Rails application that he developped.

He needs SSH access to interact with Ruby, so I'll have to grant him
access, but I want him to only play around in his /home directory, as
this server also hosts other customers. How could I do that?

Thanks,
D90ef6808433e63203e15a5c2dadb0bb?d=identicon&s=25 Ben Reubenstien (Guest)
on 2006-01-12 21:57
(Received via mailing list)
Basic users in *nix systems are restrictied to only changing things in
their
home directory.  Be sure not to put the user in any groups that are more
powerful (e.g. wheel)

~ Ben
5cfd7e9223637ea26c81c2cc3e43799e?d=identicon&s=25 Craig Webster (Guest)
on 2006-01-12 22:04
(Received via mailing list)
On 12 Jan 2006, at 19:25, Charles wrote:
> I installed Rails and Rubygems on a web server for a customer who
> wants
> to install a Ruby on Rails application that he developped.
>
> He needs SSH access to interact with Ruby, so I'll have to grant him
> access, but I want him to only play around in his /home directory, as
> this server also hosts other customers. How could I do that?

Setup a Jailshell:
http://gentoo-wiki.com/HOWTO_chroot_login

More secure, use Jailkit:
http://olivier.sessink.nl/jailkit/

Or sell him a VM to play with :D

Yours,
Craig
--
Craig Webster | t: +44 (0)131 516 8595 | e: craig@xeriom.net
Xeriom.NET    | f: +44 (0)131 661 0689 | w: http://xeriom.net
B84d42a3a5c343f8fc6ab7d7f47fd3f5?d=identicon&s=25 Robby Russell (Guest)
on 2006-01-13 06:52
(Received via mailing list)
On Thu, 2006-01-12 at 20:25 +0100, Charles wrote:
> I installed Rails and Rubygems on a web server for a customer who wants
> to install a Ruby on Rails application that he developped.
>
> He needs SSH access to interact with Ruby, so I'll have to grant him
> access, but I want him to only play around in his /home directory, as
> this server also hosts other customers. How could I do that?
>

This is more of a question for a Unix user group not a Rails list. :-)

If you provide them SSH and have Ruby and RubyGems (with Rails
installed)... they should be able to play with it.

Robby

--
/**************************************************************
* Robby Russell, Founder & Executive Director                 *
* PLANET ARGON, LLC | www.planetargon.com                     *
* Ruby on Rails Development, Consulting, and Hosting          *
* Portland, Oregon  | p: 503.351.4730 | f: 815.642.4068       *
* blog: www.robbyonrails.com | book: www.programmingrails.com *
***************************************************************/
4710a8ada2adc162aaee4288d9879d8e?d=identicon&s=25 Gerard Petersen (Guest)
on 2006-01-13 09:56
(Received via mailing list)
Hi all,

On Friday 13 January 2006 06:50, Robby Russell tried to type something
like:
> If you provide them SSH and have Ruby and RubyGems (with Rails
> installed)... they should be able to play with it.
Or you can build a rail app to have them do so .. :-)

This was also meant seriously. I run a (small) hosting company, and have
people use rssh (www.pizzashack.org/rssh/index.shtml). This is a child
forked
by ssh and therewith people can run sftp. A friend of mine runs
dreamwaver (a
win/flash dev app), and uploads with sftp very nicely.

So with a web app you can have people install gems, or you can provide
them
with a default set, and make them available yourself when requested.

Depending on the people who login on, the following is good to keep in
mind.
When people have access to a shell prompt over ssh, they're past the
outside
perimiter (your firewall), and you have to keep a closer look at
software
exploits, rootkits and other flaws within your system.

A jailed ssh environment, can be done but has some angles, you should
look at.

regards,

Gerard.

>
> Robby

--
"Who cares if it doesn't do anything?  It was made with our new
Triple-Iso-Bifurcated-Krypton-Gate-MOS process ..."

My $Grtz =~ Gerard;
~
:wq!
This topic is locked and can not be replied to.