[r-node-users] R-Node update - security improvements


Jamie Love

Apr 16, 2010, 6:20:03 AM
to r-node...@googlegroups.com
Hi all,

I've pushed a few changes to the code repository at http://gitorious.org/r-node.

Key updates recently include:

  1. User management now includes username/password based authentication.
  2. It is now possible to configure the system to have per-user R sessions (no more session sharing).

To configure R-Node to use these, look at the configuration file server/etc/config-example.js


If you have any questions about setting up R-Node to use these new features, please ask me.

Regards,
Jamie

Vinh Nguyen

Apr 17, 2010, 8:01:09 PM
to r-node...@googlegroups.com
So I pulled the latest update and ran make. What then do I do next to
try out these features? I checked out the files but have no idea.
Thanks.

Vinh
--
Subscription settings: http://groups.google.com/group/r-node-users/subscribe?hl=en

Jamie Love

Apr 17, 2010, 8:35:05 PM
to r-node...@googlegroups.com

The key file is the configuration file in server/etc/config-example.xml

Copy this to server/etc/config.xml

Then, edit it and make the changes you need.

  - To use per-user R sessions, look for the parameter "sessionManagement", and change it to the text "perUser".

To require users to log in (and by extension limit access to a set of known users):

  - change the "authentication" section to be:

    "authentication": {
        "type": "basic-user"
        usersFile: "etc/users-example.js",
        sessionTimeout: 30
    }

The users file is a path to a file from the server directory, so to access a file in the directory 'etc', use 'etc/filename.js', e.g.:

    "authentication": {
        "type": "basic-user"
        usersFile: "etc/users.js",
        sessionTimeout: 30
    }


Then, change directory to "server/tools" and use the program rnpasswd to create the username/password login file (you must be in this directory to use this program):

This will create a user entry, allowing the user jlove to log in:

./rnpasswd ../etc/users.js  jlove mypasswd

And this will delete the user:

./rnpasswd ../etc/users.js -d jlove


Hope that helps
Jamie

Vinh Nguyen

Apr 19, 2010, 11:57:03 PM
to r-node...@googlegroups.com
error with following:

./run-server.sh
{ loadJsonFile: [Function], nodelog: [Function] }
19 Apr 20:53:19 - (local): Loaded configuration from 'etc/config.js'
SyntaxError: Unexpected token ILLEGAL
at Object.parse (native)
at Object.loadJsonFile (/home/vinh/Downloads/r-node/deploy/rnodeUtils.js:66:17)
at Object.<anonymous> (/home/vinh/Downloads/r-node/deploy/r-node.js:33:20)
at Module._compile (node.js:704:23)
at node.js:732:20
at fs:51:23
at node.js:813:9

my server/etc/config.js:
//
// R-Node configuration file.
// Basically this defines the server side configuration for R-Node
// It's pure JSON, except that it allows single line comments
//
{
"listen": {
//
// The port to listen on.
//
"port": 2903,

//
// The interface to listen on, or null to listen on all.
// Set to 'localhost' for more security.
//
"interface": null
},

//
// Authentication module and configuration for the authentication
//
"authentication": {
// Authenticators can be found in the 'authenticators' directory.
// "none", or "basic-user"
"type": "basic-user"

// Rest of authenticator configuration listed here.
//
// For "none" no configuration is necessary.
// For "basic-user":
//
usersFile: "etc/users.js"
sessionTimeout: 30 // minutes
},

"R": {
//
// The base directory of R - default in Ubuntu is /usr/lib/R
//
"root": "/usr/lib/R",

//
// The base directory from where to find R temporary files
//
"temporaryDirectory": "/",

//
// Username and password to connect to RServe with.
// Only used if RServe requires a username/password
//
"username": "test",
"password": "test",

//
// R sessions management.
// Valid values are "single", "perUser"
//
"sessionManagement": "perUser",

//
// If you have a per-user type of session management,
// set the length of time to wait before closing an idle
// session.
//
// This is in minutes.
//
// It's a good idea to set this longer or equal to than
// the authentication session timeout.
//
"idleSessionTimeout": 30

}
}


Also, since u need to run both run-server.sh and R, do u use screen to
run both? What method do u use to keep both running?

Jamie Love

Apr 20, 2010, 4:02:47 AM
to r-node...@googlegroups.com
You're missing a comma after the line:

usersFile: "etc/users.js"


I usually use screen to run R-Node, and you can run Rserve without
needing to keep a window open using

R CMD Rserve

Jamie

Vinh Nguyen

Apr 20, 2010, 10:36:15 AM
to r-node...@googlegroups.com
Same error with this:

//
// R-Node configuration file.
// Basically this defines the server side configuration for R-Node
// It's pure JSON, except that it allows single line comments
//
{
"listen": {
//
// The port to listen on.
//
"port": 2903,

//
// The interface to listen on, or null to listen on all.
// Set to 'localhost' for more security.
//
"interface": null
},

//
// Authentication module and configuration for the authentication
//
"authentication": {
// Authenticators can be found in the 'authenticators' directory.
// "none", or "basic-user"
"type": "basic-user",

// Rest of authenticator configuration listed here.
//
// For "none" no configuration is necessary.
// For "basic-user":
//
usersFile: "etc/users.js",

Jamie Love

Apr 20, 2010, 5:03:40 PM
to r-node...@googlegroups.com
And you're missing a comma after the line:

"type": "basic-user"


-- I do need to make that feedback better.

Vinh Nguyen

Apr 20, 2010, 5:14:37 PM
to r-node...@googlegroups.com
I do have this, check it again.

On Tue, Apr 20, 2010 at 2:03 PM, Jamie Love <drj...@gmail.com> wrote:
> And you're missing a comma after the line:
>
> "type": "basic-user"



Jamie Love

Apr 20, 2010, 5:21:36 PM
to r-node...@googlegroups.com
I'm afraid I can't see any other errors in the configuration file,
maybe try copying config-example.js to config.js again, and try
changing one line at a time to see if you can find the line with the
error.

Sadly the JSON format is very sensitive, and the Nodejs JSON parse
doesn't have the best error messages.
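
The missing feedback discussed above, as an added example (not R-Node's own loader and not code from this thread): a loader for "JSON plus single-line comments" that reports the line of each missing comma or unquoted property name before calling JSON.parse. The names `stripComment` and `loadConfig` are hypothetical, and the lint is a heuristic that assumes one entry per line, as in the example config.

```javascript
'use strict';
// Added example: R-Node-style config ("pure JSON plus // comments") loader
// that reports which line is wrong instead of a bare SyntaxError.

// Cut a // comment off one line, ignoring "//" inside string values.
function stripComment(line) {
  let inString = false;
  for (let i = 0; i < line.length; i++) {
    const c = line[i];
    if (inString) {
      if (c === '\\') i++;                 // skip the escaped character
      else if (c === '"') inString = false;
    } else if (c === '"') {
      inString = true;
    } else if (c === '/' && line[i + 1] === '/') {
      return line.slice(0, i);
    }
  }
  return line;
}

// Heuristic lint (assumes one entry per line, as in the example config).
// Returns { config } on success or { errors: [{ line, message }] }.
function loadConfig(text) {
  const lines = text.split('\n').map((l) => stripComment(l).trim());
  const errors = [];
  lines.forEach((line, idx) => {
    if (line === '') return;
    if (/^[A-Za-z_$][\w$]*\s*:/.test(line)) {
      errors.push({ line: idx + 1, message: 'property name is not quoted' });
    }
    const next = lines.slice(idx + 1).find((l) => l !== '');
    if (next && !/[,{\[:]$/.test(line) && !/^[}\],]/.test(next)) {
      errors.push({ line: idx + 1, message: 'missing comma after this entry' });
    }
  });
  if (errors.length > 0) return { errors };
  try {
    return { config: JSON.parse(lines.join('\n')) };
  } catch (e) {
    return { errors: [{ line: null, message: e.message }] };
  }
}

// Constructed sample reproducing the two mistakes found in this thread.
const BROKEN = ['{', '  "authentication": {', '    // "none", or "basic-user"',
  '    "type": "basic-user"', '    usersFile: "etc/users.js",',
  '    sessionTimeout: 30 // minutes', '  }', '}'].join('\n');
console.log(loadConfig(BROKEN).errors);
```
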

Vinh Nguyen

Apr 22, 2010, 6:41:50 PM
to r-node...@googlegroups.com
Still getting the following error. I don't think the error is coming
from config.js since it says the file is already loaded. Is it coming
from rnodeUtils??? Can you share your config file?

./run-server.sh
{ loadJsonFile: [Function], nodelog: [Function] }
22 Apr 15:37:56 - (local): Loaded configuration from 'etc/config.js'
SyntaxError: Unexpected token ILLEGAL
at Object.parse (native)
at Object.loadJsonFile (/home/vinh/Downloads/r-node/deploy/rnodeUtils.js:66:17)
at Object.<anonymous> (/home/vinh/Downloads/r-node/deploy/r-node.js:33:20)
at Module._compile (node.js:704:23)
at node.js:732:20
at fs:51:23
at node.js:813:9


Jamie Love

Apr 22, 2010, 10:57:14 PM
to r-node...@googlegroups.com
Hi Vinh,

It actually prints the "Loaded..." after loading the file, but before
parsing the file, so it's definitely a problem with that file.

Attached is a configuration file with those parsing errors fixed. It
has user logins turned on, and per-user R sessions.

I've attached an example users file as well, it has two users:

admin (with password 'admin')
test (with password 'test')

Both files should be placed in the server/etc directory.

In the end, it was the lack of " around the names of the configuration
items. I'll update the example config to make sure this isn't a
problem. I have it on my list of things to do to make the config
parsing less annoying and stupid.

When I need to shut Rserve down, I just:

ps -ef | grep '[R]serve' | awk '{print $2}' | xargs kill

(after shutting down R-Node). I don't know of any better way to do it.
users.js
config.js
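
A check of the security-relevant settings that appear in the configuration posted in this thread, as an added example (not part of R-Node and not from any message above). `auditConfig` and the finding texts are hypothetical; the rules are taken from the comments in the posted config (listen interface, authenticator type, session management, timeouts) plus one assumption of this example, that an Rserve password equal to its username is worth flagging.

```javascript
'use strict';
// Added example: audit a parsed R-Node config object. auditConfig and the
// finding texts are hypothetical names, not part of R-Node.
function auditConfig(cfg) {
  const findings = [];
  const listen = cfg.listen || {};
  const auth = cfg.authentication || {};
  const r = cfg.R || {};

  // Config comment: null listens on all interfaces; 'localhost' is safer.
  if (listen.interface === null || listen.interface === undefined) {
    findings.push('listen.interface: listening on all interfaces');
  }
  // "none" means no login is required to use the server.
  if (auth.type !== 'basic-user') {
    findings.push('authentication.type: no login required');
  } else if (!auth.usersFile) {
    findings.push('authentication.usersFile: not set');
  }
  // "single" shares one R session between all users.
  if (r.sessionManagement !== 'perUser') {
    findings.push('R.sessionManagement: R session is shared');
  }
  // Config comment: idle timeout should be >= the login session timeout.
  if (r.idleSessionTimeout < auth.sessionTimeout) {
    findings.push('R.idleSessionTimeout: shorter than authentication.sessionTimeout');
  }
  // Assumption of this example: credentials such as test/test are guessable.
  if (r.username && r.username === r.password) {
    findings.push('R.password: identical to R.username');
  }
  return findings;
}

// Constructed sample: the security-relevant values from the posted config.
const POSTED = {
  listen: { port: 2903, interface: null },
  authentication: { type: 'basic-user', usersFile: 'etc/users.js', sessionTimeout: 30 },
  R: { username: 'test', password: 'test', sessionManagement: 'perUser', idleSessionTimeout: 30 },
};
// Constructed hardened variant; the password is a placeholder.
const HARDENED = {
  listen: { port: 2903, interface: 'localhost' },
  authentication: POSTED.authentication,
  R: Object.assign({}, POSTED.R, { password: '<long-random-secret>' }),
};
console.log(auditConfig(POSTED), auditConfig(HARDENED));
```
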