What if, instead of creating these temporary directories used to execute
worksheets in /tmp, we create the temp directories in /tmp/<SERVERNAME>,
and make /tmp/<SERVERNAME> *not* readable by the restricted user
sagenbws. Then the sagenbws user (i.e., a worksheet user) cannot list
other currently executing worksheet directories, so we get at least some
level of protection/obfuscation.
What do people think?
Thanks,
Jason
See also http://trac.sagemath.org/sage_trac/ticket/11679 which is related.
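A concrete version of the directory layout proposed above, as an added example (not sagenb code): the per-server root gets mode 0711, so the sagenbws uid can still enter a worksheet directory whose random name it was given, but cannot list the root to find anyone else's. SERVERNAME and the sagenbws account are the names from the thread; the base directory, the prefix and the optional chown are assumptions.

```python
"""Per-server scratch area whose children the restricted worksheet user
cannot enumerate.  Added example for the layout proposed in the thread; it
is not sagenb code.  SERVERNAME and the sagenbws account come from the
thread, everything else (base directory, prefix, chown step) is assumed."""
import os
import shutil
import stat
import tempfile


def make_server_root(base, servername):
    """Create <base>/<servername> with mode 0711 and return its path.

    The execute bit on 'other' lets the sagenbws uid enter a child directory
    whose name it already knows (its own worksheet dir); the missing read bit
    means it cannot list the children, so it cannot discover its neighbours.
    """
    path = os.path.join(base, servername)
    os.makedirs(path, mode=0o711, exist_ok=True)
    os.chmod(path, 0o711)  # makedirs' mode is filtered by the umask; force it
    return path


def make_worksheet_dir(server_root, uid=None, gid=None):
    """Create one worksheet scratch dir under server_root.

    mkdtemp chooses an unguessable random name and creates the directory
    with mode 0700 regardless of the umask.  Handing it to the worksheet
    account (uid/gid) needs root, so that step is optional here.
    """
    path = tempfile.mkdtemp(prefix="ws_", dir=server_root)
    if uid is not None and gid is not None:
        os.chown(path, uid, gid)  # assumed: only works when running as root
    return path


def dir_mode(path):
    """Permission bits of path as an int, e.g. 0o711."""
    return stat.S_IMODE(os.stat(path).st_mode)


def others_can_list(path):
    """True when any uid may read (ls) the directory."""
    return bool(dir_mode(path) & stat.S_IROTH)


def others_can_traverse(path):
    """True when any uid may enter the directory by name."""
    return bool(dir_mode(path) & stat.S_IXOTH)


def demo(servername="flask"):
    """Build the layout in a throw-away base dir and report the resulting bits."""
    base = tempfile.mkdtemp(prefix="sagenb_demo_")
    try:
        root = make_server_root(base, servername)
        ws = make_worksheet_dir(root)
        return {
            "root_mode": dir_mode(root),
            "root_listable_by_others": others_can_list(root),
            "root_traversable_by_others": others_can_traverse(root),
            "ws_mode": dir_mode(ws),
            "ws_inside_root": os.path.dirname(ws) == root,
        }
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    print(demo())
```

This only hides file names. Because every worksheet still runs as the same uid, one worksheet can still `ps`, `kill`, or ptrace its neighbours, and any worksheet path that appears on a command line is visible in `ps` output anyway; that is why the rest of the thread moves towards one account per running worksheet.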
Yep.
>
> -Keshav
--
William Stein
Professor of Mathematics
University of Washington
http://wstein.org
Sysadmin guys: any idea how to protect against something like this? It
also takes down the Sage cell server workers, of course.
It'd be nice if unix somehow had ad-hoc accounts, like a one-time login.
Surely something like that exists somewhere.
Thanks,
Jason
The sage notebook already has support for dealing with this, where one
can set up a "server pool" with a few hundred accounts that get rotated
through. Since there are never more than "a few hundred" users at
once, this would work fine.
I just didn't configure sagenb that way, since I consider this a very
temporary setup, and will be switching back to remote
virtual machine(s) soon anyway.
-- William
That's a workaround for the real problem that worksheets pull from the
same pool of unix accounts. It'd be nice if there was already a way to
solve the underlying problem by ensuring that all worksheets were always
distinct "guest" users.
Thanks,
Jason
It would ensure that as long as the number of accounts in the pool
exceeds the number of simultaneous logins. It would be easy to
automatically create, e.g., ten thousand accounts, and put them in a
server pool, then limit the number of simultaneous users to 10000.
-- william
And after searching for a few minutes, I can't find any pre-built
solutions to allow thousands or tens of thousands of temporary guest
accounts that are added/deleted on the fly. So yeah, what you said
sounds like the best solution at this point. Especially since there is
a very real upper bound to the number of simultaneous users in a Sage
server.
We need to deal with this with the Sage cell server, which works by
forking a single Sage process for instant worksheet startup time. We'll
have to change the userid for the process after we fork it to one of
these pooled accounts.
Thanks,
Jason
One thing you could do in Unix is to use anonymous user IDs, user IDs
without a name. But this would probably break stuff. Also, it's hard
to determine that a user ID is really not in use, or to prevent it
becoming used in the future.