Setting up a dedicated web2py server that supports multiple users, separate folders

Showing 21-55 of 55 messages
Setting up a dedicated web2py server that supports multiple users, separate folders David Bain 1/3/11 11:50 AM
I'm setting up a webserver that supports web2py, each user should have their own web2py instance, hopefully everything will be deployed via mod_wsgi.

This my goal:
Each user will be able to deploy their apps to their own 'www' folder on the webserver

filesystem:
~user/www/

for a <user> the web2py app would be available at:
http server:
https://example.com/<user>/examples/appadmin
http://example.com/<user>/examples

Nice to have would be a Cherokee based solution
Re: Setting up a dedicated web2py server that supports multiple users, separate folders mdipierro 1/3/11 5:27 PM
The main problem here is not app->path mapping (which is not supported
but could be). The problem is that if you have one web2py instance it
must run as www-data and all those folders must be readable/writable
by www-data. This means users are not protected from errors performed
by other users.
> *Nice to have would be a Cherokee based solution*
Re: Setting up a dedicated web2py server that supports multiple users, separate folders VP 1/3/11 8:13 PM
I think it'll be convenient for multiple users to work on one web2py
installation, if there's a layer on top of the admin app, providing
the following features:

1. The admin app allows user registration.
2. Each user can view/edit only apps that he/she creates.


This is strictly at the (admin) app level.  Everything is the same as
before at the filesystem level.

(This is particularly useful for teaching (I think): one web2py app,
many students).
Re: Setting up a dedicated web2py server that supports multiple users, separate folders Graham Dumpleton 1/3/11 8:43 PM
Use daemon mode of mod_wsgi. Have a daemon process group per user with the user/group of the daemon process corresponding to that of the user whose web2py instance will run in that daemon process group. Then delegate each web2py instance to appropriate daemon process group.

The only hard bit in this is that daemon process groups are statically defined and so to add new user, you need to update Apache configuration and restart Apache.

For quick setup instructions for daemon mode of mod_wsgi read:


That example shows a daemon process group for whole virtual host, but it isn't limited to that and is flexible enough to do what you want.

WSGIDaemonProcess default processes=2 threads=25

<VirtualHost *:80>
ServerName www.site.com

WSGIDaemonProcess bob user=bob group=bob display-name=%{GROUP}

<Directory /home/bob/www>
Options ExecCGI
AllowOverride FileInfo
AddHandler wsgi-script .wsgi
WSGIProcessGroup bob
</Directory>

WSGIDaemonProcess joe user=joe group=joe

<Directory /home/joe/www>
Options ExecCGI
AllowOverride FileInfo
AddHandler wsgi-script .wsgi
WSGIProcessGroup joe
</Directory>

</VirtualHost>

Graham
Re: Setting up a dedicated web2py server that supports multiple users, separate folders VP 1/3/11 9:10 PM
From a practical point of view, I think it's not cost effective to
give one web2py clone to each user.  The reason is each web2py clone/
process takes a decent chunk of RAM.


On Jan 3, 10:43 pm, Graham Dumpleton <graham.dumple...@gmail.com>
wrote:
> Use daemon mode of mod_wsgi. Have a daemon process group per user with the
> user/group of the daemon process corresponding to that of the user whose
> web2py instance will run in that daemon process group. Then delegate each
> web2py instance to appropriate daemon process group.
>
> The only hard bit in this is that daemon process groups are statically
> defined and so to add new user, you need to update Apache configuration and
> restart Apache.
>
> For quick setup instructions for daemon mode of mod_wsgi read:
>
>  http://code.google.com/p/modwsgi/wiki/QuickConfigurationGuide#Delegat...
> > *Nice to have would be a Cherokee based solution*
>
>
Re: Setting up a dedicated web2py server that supports multiple users, separate folders mdipierro 1/4/11 3:50 AM
This can be done but it would not prevent one use to write code (an
app) that reads or deletes another user app. As long as this is clear,
I coud modify admin for this purpose (or create another admin).
Re: [web2py] Re: Setting up a dedicated web2py server that supports multiple users, separate folders David Bain 1/4/11 6:28 AM
I like the modified admin approach, it would be simpler, for teaching purposes it would work, it would need to be modified for production style scenarios as it would not be an acceptable risk.
Re: Setting up a dedicated web2py server that supports multiple users, separate folders mdipierro 1/4/11 7:49 AM
In trunk.

- Deploy the latest admin
- edit file applications/admin/models/0.py and set
  MULTI_USER_MODE = True
- Try access admin and it will require registration/login
- The first user to register is teacher (can see all apps)
- All other users are students (can only see/edit/create their own
apps)

This does not prevent one user from writing dangerous code. The code,
whoever creates it, always runs under the same privileged and has
access to the entire web2py folder.

At the moment students get access to each other appdmin controllers.

Please help with testing!

On Jan 4, 8:28 am, David Bain <pigeonfli...@gmail.com> wrote:
> I like the modified admin approach, it would be simpler, for teaching
> purposes it would work, it would need to be modified for production style
> scenarios as it would not be an acceptable risk.
>
Re: [web2py] Re: Setting up a dedicated web2py server that supports multiple users, separate folders David Bain 1/4/11 7:54 AM
Thanks Massimo,
Checking out  trunk now.
Re: [web2py] Re: Setting up a dedicated web2py server that supports multiple users, separate folders David Bain 1/4/11 8:44 AM
Massimo,
Nice! It works... so as long as I register first I'm the teacher :).
I'm just looking at web2py again in the last few weeks. I'm very happy to help with documentation of this feature. Just point me in the right direction.

see: Screenshot below:
user login.jpg
Re: [web2py] Re: Setting up a dedicated web2py server that supports multiple users, separate folders rochacbruno 1/4/11 8:47 AM
Thanks! this will ne very usefull for me too.

2011/1/4 mdipierro <mdip...@cs.depaul.edu>

In trunk.

- Deploy the latest admin
- edit file applications/admin/models/0.py and set
 MULTI_USER_MODE = True

--

Bruno Rocha
http://about.me/rochacbruno/bio
Re: [web2py] Re: Setting up a dedicated web2py server that supports multiple users, separate folders David Bain 1/4/11 8:48 AM
Just a note. There was no option to register.
I had to visit localhost:8000/admin/default/user/register

Re: Setting up a dedicated web2py server that supports multiple users, separate folders mdipierro 1/4/11 8:56 AM
Oops. I missed a file in the commit. adding it now.

One more caveat. For security, the first user is the teacher and
registration is enabled by default.
For all other users of admin (students) registration requires
verification. That means the teacher must login, user /admin/appadmin
and clear the content of the "registration_key" field for approved
students.

This is for preventing non-students from getting their hands on the
system.

Massimo

On Jan 4, 10:44 am, David Bain <pigeonfli...@gmail.com> wrote:
> Massimo,
> Nice! It works... so as long as I register first I'm the teacher :).
> I'm just looking at web2py again in the last few weeks. I'm very happy to
> help with documentation of this feature. Just point me in the right
> direction.
>
> see: Screenshot below:
> [image: user login.jpg]
>
> On Tue, Jan 4, 2011 at 10:54 AM, David Bain <pigeonfli...@gmail.com> wrote:
> > Thanks Massimo,
> > Checking out  trunk now.
>
>  user login.jpg
> 41KViewDownload
Re: [web2py] Re: Setting up a dedicated web2py server that supports multiple users, separate folders David Bain 1/4/11 8:56 AM
Okay... I've started hacking the "Teaching version" of web2py. Hardcoded my own twitter feed.
I think it would be nice to offer custom feeds on the admin page:
see screenshot below:
site.jpg
Re: Setting up a dedicated web2py server that supports multiple users, separate folders mdipierro 1/4/11 8:57 AM
It would be nice to have some documentation. For now even a simple
blog post that explains purpose, how to, and shows some screen shots
will do.

Massimo

On Jan 4, 10:44 am, David Bain <pigeonfli...@gmail.com> wrote:
> Massimo,
> Nice! It works... so as long as I register first I'm the teacher :).
> I'm just looking at web2py again in the last few weeks. I'm very happy to
> help with documentation of this feature. Just point me in the right
> direction.
>
> see: Screenshot below:
> [image: user login.jpg]
>
> On Tue, Jan 4, 2011 at 10:54 AM, David Bain <pigeonfli...@gmail.com> wrote:
> > Thanks Massimo,
> > Checking out  trunk now.
>
>  user login.jpg
> 41KViewDownload
Re: [web2py] Re: Setting up a dedicated web2py server that supports multiple users, separate folders David Bain 1/4/11 9:07 AM
Possible bug: 
The teacher account is fine. However I created my first student account and was unable to log in with the credentials.


Here's my checklist of nice to have features
--------------------------------------------------------------
  • Bulk import of users from a csv
  • by default prevent non-teachers from being able to use the application wizard/ check for upgrades/ new simple application/deply to google app engine (I've X'ed out what should not be in the interface by default)
site-1.jpg
  • possibly allow teachers to selectively enable features
Re: [web2py] Re: Setting up a dedicated web2py server that supports multiple users, separate folders David Bain 1/4/11 9:09 AM
I missed the part about verification.  That's probably the issue.
Re: Setting up a dedicated web2py server that supports multiple users, separate folders VP 1/4/11 9:10 AM

>> One more caveat. For security, the first user is the teacher and registration is enabled by default.

I haven't tried this, but will soon.  One question: Would the password
of the first user be the same as the password given to web2py?

Thanks.
Re: [web2py] Re: Setting up a dedicated web2py server that supports multiple users, separate folders David Bain 1/4/11 9:13 AM
VP,
No the password is the password that the first user signs up with.
Re: [web2py] Re: Setting up a dedicated web2py server that supports multiple users, separate folders David Bain 1/4/11 9:16 AM
I'm wondering about the authentication issue. I'm working behind a firewall which blocks port 587 (used to communicate with gmail), which I'd like to use as my smtp server. 

I think for my use case I have two options:

  1. Host the server in front of the firewall
  2. Host the email sending code in front of the firewall e.g. something hosted on google appengine.

 Any other thoughts on this?
Re: Setting up a dedicated web2py server that supports multiple users, separate folders VP 1/4/11 9:17 AM
Okay. Thanks.

On Jan 4, 11:13 am, David Bain <pigeonfli...@gmail.com> wrote:
> VP,
> No the password is the password that the first user signs up with.
>
Re: [web2py] Re: Setting up a dedicated web2py server that supports multiple users, separate folders David Bain 1/4/11 9:29 AM
Okay the register button is now present :)
user login-1.jpg
Re: Setting up a dedicated web2py server that supports multiple users, separate folders mdipierro 1/4/11 10:01 AM


On Jan 4, 11:07 am, David Bain <pigeonfli...@gmail.com> wrote:
> Possible bug:
> The teacher account is fine. However I created my first student account and
> was unable to log in with the credentials.
>
> Here's my checklist of nice to have features
> --------------------------------------------------------------
>
>    - Bulk import of users from a csv

you can do it already via admin/appadmin/

>    - by default prevent non-teachers from being able to use the application
>    wizard/ check for upgrades/ new simple application/deply to google app
>    engine (I've X'ed out what should not be in the interface by default)

check for upgrades should already be disabled. I will look into it.

> [image: site-1.jpg]
>
>    - possibly allow teachers to selectively enable features

We could have more flags in 0.py and corresponding if statements in
controllers.
>  site-1.jpg
> 32KViewDownload
Re: [web2py] Re: Setting up a dedicated web2py server that supports multiple users, separate folders David Bain 1/4/11 10:07 AM
@mdpierro,
More flags in 0.py would be "good enough (tm)" for my use case.
Re: [web2py] Re: Setting up a dedicated web2py server that supports multiple users, separate folders David Bain 1/4/11 11:10 AM
When I try to access /admin/appadmin in Multiuser/Teaching mode.
I get an error.

see traceback below:
Traceback (most recent call last):
File "/home/user/web2pytrunkagain/gluon/restricted.py", line 188, in restricted
exec ccode in environment
File "/home/user/web2pytrunkagain/applications/admin/controllers/appadmin.py", line 33, in <module>
if not gluon.fileutils.check_credentials(request):
File "/home/user/web2pytrunkagain/gluon/fileutils.py", line 300, in check_credentials
return get_session(request, other_application).authorized
File "/home/user/web2pytrunkagain/gluon/fileutils.py", line 278, in get_session
raise KeyError
KeyError

On Tue, Jan 4, 2011 at 1:01 PM, mdipierro <mdip...@cs.depaul.edu> wrote:

Re: Setting up a dedicated web2py server that supports multiple users, separate folders mdipierro 1/4/11 12:45 PM
Can you try comment these two lines in gluon/fileutils.py

    if request.application == other_application:
        raise KeyError

Does this fix the problem?

Massimo

On Jan 4, 1:10 pm, David Bain <pigeonfli...@gmail.com> wrote:
> When I try to access /admin/appadmin in Multiuser/Teaching mode.
> I get an error.
>
> see traceback below:
>
> Traceback (most recent call last):
>   File "/home/user/web2pytrunkagain/gluon/restricted.py", line 188, in
> restricted
>     exec ccode in environment
>   File "/home/user/web2pytrunkagain/applications/admin/controllers/appadmin.py"
> <https://localhost:8001/admin/default/edit/admin/controllers/appadmin.py>,
> line 33, in <module>
>     if not gluon.fileutils.check_credentials(request):
>   File "/home/user/web2pytrunkagain/gluon/fileutils.py", line 300, in
> check_credentials
>     return get_session(request, other_application).authorized
>   File "/home/user/web2pytrunkagain/gluon/fileutils.py", line 278, in
> get_session
>     raise KeyError
> KeyError
>
> On Tue, Jan 4, 2011 at 1:01 PM, mdipierro <mdipie...@cs.depaul.edu> wrote:
>
> > On Jan 4, 11:07 am, David Bain <pigeonfli...@gmail.com> wrote:
> > > Possible bug:
> > > The teacher account is fine. However I created my first student account
> > and
> > > was unable to log in with the credentials.
>
> > > Here's my checklist of nice to have features
> > > --------------------------------------------------------------
>
> > >    - Bulk import of users from a csv
>
> > you can do it already via admin/appadmin/
>
> > >    - by default prevent non-teachers from being able to use the
> > application
> > >    wizard/ check for upgrades/ new simple application/deply to google app
> > >    engine (I've X'ed out what should not be in the interface by default)
>
> > check for upgrades should already be disabled. I will look into it.
>
> > > [image: site-1.jpg]
>
> > >    - possibly allow teachers to selectively enable features
>
> > We could have more flags in 0.py and corresponding if statements in
> > controllers.
>
> > > On Tue, Jan 4, 2011 at 11:57 AM, mdipierro <mdipie...@cs.depaul.edu>
> > wrote:
> > > > It would be nice to have some documentation. For now even a simple
> > > > blog post that explains purpose, how to, and shows some screen shots
> > > > will do.
>
> > > > Massimo
>
> > > > On Jan 4, 10:44 am, David Bain <pigeonfli...@gmail.com> wrote:
> > > > > Massimo,
> > > > > Nice! It works... so as long as I register first I'm the teacher :).
> > > > > I'm just looking at web2py again in the last few weeks. I'm very
> > happy to
> > > > > help with documentation of this feature. Just point me in the right
> > > > > direction.
>
> > > > > see: Screenshot below:
> > > > > [image: user login.jpg]
>
> > > > > On Tue, Jan 4, 2011 at 10:54 AM, David Bain <pigeonfli...@gmail.com>
> > > > wrote:
> > > > > > Thanks Massimo,
> > > > > > Checking out  trunk now.
>
> > > > > > On Tue, Jan 4, 2011 at 10:49 AM, mdipierro <
> > mdipie...@cs.depaul.edu
> > > > >wrote:
>
> > > > > >> In trunk.
>
> > > > > >> - Deploy the latest admin
> > > > > >> - edit file applications/admin/models/0.py and set
> > > > > >>  MULTI_USER_MODE = True
> > > > > >> - Try access admin and it will require registration/login
> > > > > >> - The first user to register is teacher (can see all apps)
> > > > > >> - All other users are students (can only see/edit/create their own
> > > > > >> apps)
>
> > > > > >> This does not prevent one user from writing dangerous code. The
> > code,
> > > > > >> whoever creates it, always runs under the same privileged and has
> > > > > >> access to the entire web2py folder.
>
> > > > > >> At the moment students get access to each other appdmin
> > controllers.
>
> > > > > >> Please help with testing!
>
> > > > > >> On Jan 4, 8:28 am, David Bain <pigeonfli...@gmail.com> wrote:
> > > > > >> > I like the modified admin approach, it would be simpler, for
> > > > teaching
> > > > > >> > purposes it would work, it would need to be modified for
> > production
> > > > > >> style
> > > > > >> > scenarios as it would not be an acceptable risk.
>
> > > > > >> > On Tue, Jan 4, 2011 at 6:50 AM, mdipierro <
> > mdipie...@cs.depaul.edu>
> > > > > >> wrote:
> > > > > >> > > This can be done but it would not prevent one use to write
> > code
> > > > (an
> > > > > >> > > app) that reads or deletes another user app. As long as this
> > is
> > > > clear,
> > > > > >> > > I coud modify admin for this purpose (or create another
> > admin).
>
> > > > > >> > > On Jan 3, 10:13 pm, VP <vtp2...@gmail.com> wrote:
> > > > > >> > > > I think it'll be convenient for multiple users to work on
> > one
> > > > web2py
> > > > > >> > > > installation, if there's a layer on top of the admin app,
> > > > providing
> > > > > >> > > > the following features:
>
> > > > > >> > > > 1. The admin app allows user registration.
> > > > > >> > > > 2. Each user can view/edit only apps that he/she creates.
>
> > > > > >> > > > This is strictly at the (admin) app level.  Everything is
> > the
> > > > same
> > > > > >> as
> > > > > >> > > > before at the filesystem level.
>
> > > > > >> > > > (This is particularly useful for teaching (I think): one
> > web2py
> > > > app,
> > > > > >> > > > many students).
>
> > > > >  user login.jpg
> > > > > 41KViewDownload
>
> > >  site-1.jpg
> > > 32KViewDownload
>
>
Re: Setting up a dedicated web2py server that supports multiple users, separate folders mdipierro 1/4/11 1:47 PM
I think this is now fixed.
Re: [web2py] Re: Setting up a dedicated web2py server that supports multiple users, separate folders David Bain 1/4/11 2:05 PM
I didn't get much out of commenting out those lines. In Chrome I got an unresolvable url.
Re: Setting up a dedicated web2py server that supports multiple users, separate folders mdipierro 1/4/11 2:14 PM
never mind. should now be fixed in trunk.

On Jan 4, 4:05 pm, David Bain <pigeonfli...@gmail.com> wrote:
> I didn't get much out of commenting out those lines. In Chrome I got an
> unresolvable url.
>
Re: [web2py] Re: Setting up a dedicated web2py server that supports multiple users, separate folders David Bain 1/4/11 3:00 PM
BTW... regarding using a different notification solution for validation, is that built in or will I need to "roll my own"? I can't use an smtp solution because of blocked ports, so I'll need to send the information over http/https to some server that will send the validation information.
Re: Setting up a dedicated web2py server that supports multiple users, separate folders mdipierro 1/4/11 3:08 PM
If it is a linux box, you can use postfix or other local mail server.

On Jan 4, 5:00 pm, David Bain <pigeonfli...@gmail.com> wrote:
> BTW... regarding using a different notification solution for validation, is
> that built in or will I need to "roll my own"? I can't use an smtp solution
> because of blocked ports, so I'll need to send the information over
> http/https to some server that will send the validation information.
>
Re: [web2py] Re: Setting up a dedicated web2py server that supports multiple users, separate folders David Bain 1/4/11 3:23 PM
Wouldn't postfix still need the outgoing smtp port to be open in order to send emails?

The diagram below shows our setup.user login-3.jpg
Re: Setting up a dedicated web2py server that supports multiple users, separate folders mdipierro 1/4/11 5:06 PM
you are right... You can use janrain. You just need to configure admin/
models/db.py but mind you loose the configuration on web2py upgrade.

On Jan 4, 5:23 pm, David Bain <pigeonfli...@gmail.com> wrote:
> Wouldn't postfix still need the outgoing smtp port to be open in order to
> send emails?
>
> The diagram below shows our setup.[image: user login-3.jpg]
>
>  user login-3.jpg
> 38KViewDownload
Re: [web2py] Re: Setting up a dedicated web2py server that supports multiple users, separate folders David Bain 1/4/11 6:07 PM
I think janrain might work for me.
Re: Setting up a dedicated web2py server that supports multiple users, separate folders mdipierro 1/4/11 6:23 PM
You can just disable require verification since, you will be approving
accounts manually.
You can also disable change_passord and no email needs to be sent my
the system
If they need to reset password they can contact you and can do it via
admin/appadmin

Massimo



On Jan 4, 8:07 pm, David Bain <pigeonfli...@gmail.com> wrote:
> I think janrain might work for me.
>