Dedicated ROR server and security

Nauhaie (Guest) on 2006-05-06 09:14
Hi all,

I am trying to set up a dedicated Ruby on Rails server on Debian Sarge,
with Apache 2 and mod_fcgid. There are 2-3 applications on this server,
using virtual hosts. For now, everything works fine.

However, I would like to secure this a little bit more. What I would
like is to prevent one of the web apps from running a shell command to read
one of the other apps' source files, or worse, modify them. With PHP, there
was basedir which did the job, if I remember correctly.

So, what I would like is a way to 'chroot' all fcgid processes from one
app to the app's directory. Could suexec do the job? I couldn't find any
tutorial... I don't really need the fcgid process to be run as a special
user, I just need it to be unable to access what it should not access.

Thank you in advance ;-)
Nauhaie