EMSRV: Can I hide directories of my server
43 views
Skip to first unread message
jtu...@objektfabrik.de
Nov 8, 2012, 9:02:48 AM11/8/12
to va-sma...@googlegroups.com
Hi,
this may sound like a strange question...
Is it possible to prevent EMSRV to make certain server paths invisible?
What do I mean by that?
Suppose I'd like to install an instance of EMSRV on some server that is accessible publicly. This is intended to have a place that is more private than VASTGoodies to exchange code with other developers (NOT open source code, and not code that is in a state that can be published).
EMSRV should not allow to open a file browser on the server directories other than maybe one single path, optimal would be no file
prompter at all. What I mean is the dialog that opens when you select "connect to server" or "clone library" and such. Users can probably not do much harm, but I'd be much more comfortable if noone can use this dialog to find out anything about the file system of the server.
I know that EMSRV is not the perfect solution for a distributed team, but at least it can be used to exchange versions of Applications and Maps between developers, so it sounds like the easiest and least painful alternative to work in a (small) distributed team to exchange some VA ST code...
Thanks for your ideas,
Joachim
this may sound like a strange question...
Is it possible to prevent EMSRV to make certain server paths invisible?
What do I mean by that?
Suppose I'd like to install an instance of EMSRV on some server that is accessible publicly. This is intended to have a place that is more private than VASTGoodies to exchange code with other developers (NOT open source code, and not code that is in a state that can be published).
EMSRV should not allow to open a file browser on the server directories other than maybe one single path, optimal would be no file
prompter at all. What I mean is the dialog that opens when you select "connect to server" or "clone library" and such. Users can probably not do much harm, but I'd be much more comfortable if noone can use this dialog to find out anything about the file system of the server.
I know that EMSRV is not the perfect solution for a distributed team, but at least it can be used to exchange versions of Applications and Maps between developers, so it sounds like the easiest and least painful alternative to work in a (small) distributed team to exchange some VA ST code...
Thanks for your ideas,
Joachim
John O'Keefe
Nov 8, 2012, 3:44:13 PM11/8/12
to va-sma...@googlegroups.com
Joachim -
Could you control this with directory permissions? If EMSRV does not have read permission on a directory, I don't think it will show in the file selection dialog.
John
Thomas Koschate
Nov 9, 2012, 5:50:09 AM11/9/12
to va-sma...@googlegroups.com
On Thursday, November 8, 2012 9:02:48 AM UTC-5, jtu...@objektfabrik.de wrote:
Is it possible to prevent EMSRV to make certain server paths invisible?
Haven't tried this yet, but if you're running emsrv on a Linux box, how about using chroot to limit its scope?
Tom
jtu...@objektfabrik.de
Nov 11, 2012, 4:58:55 AM11/11/12
to va-sma...@googlegroups.com
John,
hmm. It seems I can change into directories but they seem to be empty. Not bad, but still leaves a bitter taste... But now that you said that, I may have to check more carefully what permissions my emsrv user has...
Joachim
jtu...@objektfabrik.de
Nov 11, 2012, 4:59:29 AM11/11/12
to va-sma...@googlegroups.com
Tom,
sounds like a bit more work than I'd like to invest ;-)
Joachim
Thomas Koschate
Nov 11, 2012, 8:36:02 AM11/11/12
to va-sma...@googlegroups.com
On Sunday, November 11, 2012 4:59:29 AM UTC-5, jtu...@objektfabrik.de wrote:
sounds like a bit more work than I'd like to invest ;-)
I don't disagree that it's a lot of work, but how secure do you want to be? IIRC, one can wander anywhere on the box via emsrv. After my initial email, I spent a bit of time trying to create a chroot session on a CentOS box, and never did succeed. Should you choose this route, you're probably better off with Debian/Ubuntu, so you can take advantage of schroot.
Have you considered setting up a small, simple virtual machine in which to host emsrv? That way, if you miss a permission somewhere, you're just endangering the VM, rather than your real environment. If you snapshot the VM, you can recover fairly quickly in the event of a disaster.
http://www.turnkeylinux.org/ has a bunch of free pre-built appliances that could be used as a starting point, and https://www.virtualbox.org/ has a good, free VM environment.
Tom
Reply all
Reply to author
Forward
0 new messages