On 10/22/12 7:20 AM, Gabriel Chênevert wrote:
> Hello all,
>
> I run a small Sage 5.1 server for my students, set up by following
> loosely Jason Grout's instructions <http://wiki.sagemath.org/SageServer>
> -- except that my user names are a little different, e.g. unprivileged
> users performing the computations are called worker0 ... worker9, and
> they belong to group sageworkers.
>
> Now: when I try in the notebook to upload a data file, I can't manage to
> access it in the worksheet: both
>
> open(DATA + 'file.txt')
>
> and
>
> open('data/file.txt')
>
> give me permission errors, so there's probably something I didn't nail
> right in my user privileges... Any clue ?
>
> [ I had another similarly set up server on which the second variant
> ('data/file.txt') worked but not the first one (DATA + 'file.txt')... ]
>
> Then I thought I just might have a look (with os.system('ls -al')) at
> how the permissions are set up on sagenb.org, and found out that: not
> only do both variants work there, but in fact it seems anybody can
> access just any user's files with shell calls !
>
> e.g. os.system('cat
> /sagenb/servers/sage_notebook-sagenb.sagenb/home/wstein/0/worksheet.html')
>
> Erm... isn't that a little dangerous ?!?

The *only* reason the sage notebook directory is readable to the
executing user is so that DATA files will work. This is a bad design
issue. On the other hand, how should DATA directories work? Usually
they house large files, which means you'd rather not copy them from the
directory to the execution temporary directory. On the other hand,
though, since all computations execute as a single user, you can't use
file permissions to distinguish between two user DATA directories.
Something has to change to make DATA files work, but disable read access
to the notebook directory.

That said, it is silly that we have world-readable permissions on the
notebook directory, so I'm going to fix that. A better fix would:

* use separate user accounts to execute each user's code
* have the DATA directory files somehow protected for each user (and
this may have to involve copying when a worksheet is saved).
* enable a configurable umask that the notebook server uses to create
files like new worksheets

Thoughts?

Thanks,
Jason
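
The effect of the umask item in the list above, as an added example that is not part of the original message or the Sage notebook code: it creates a worksheet file under two umasks and audits each tree for entries that any other local account can reach. The `home/<user>/0/worksheet.html` layout is modeled on the path quoted in the thread; the user name `alice` and the function names are constructed for illustration.

```python
import os
import stat
import tempfile

# Any of these bits set means accounts outside the owner and group have access.
OTHER_BITS = stat.S_IROTH | stat.S_IWOTH | stat.S_IXOTH

def create_worksheet(root, user, mask):
    """Create <root>/home/<user>/0/worksheet.html under the given umask."""
    old = os.umask(mask)              # umask is process-wide, so restore it below
    try:
        wdir = os.path.join(root, "home", user, "0")
        os.makedirs(wdir)             # directories get 0o777 & ~mask
        path = os.path.join(wdir, "worksheet.html")
        with open(path, "w") as f:    # files get 0o666 & ~mask
            f.write("<p>constructed sample worksheet</p>\n")
    finally:
        os.umask(old)
    return path

def world_accessible(root):
    """Return {relative path: octal mode} for entries with any 'other' bit set."""
    found = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            mode = stat.S_IMODE(os.lstat(full).st_mode)
            if mode & OTHER_BITS:
                found[os.path.relpath(full, root)] = oct(mode)
    return found

def demo():
    """Build one tree with umask 022 and one with 077, then audit both."""
    with tempfile.TemporaryDirectory() as loose, \
         tempfile.TemporaryDirectory() as tight:
        create_worksheet(loose, "alice", 0o022)
        create_worksheet(tight, "alice", 0o077)
        return world_accessible(loose), world_accessible(tight)

if __name__ == "__main__":
    loose, tight = demo()
    for path, mode in sorted(loose.items()):
        print(mode, path)
    print("entries exposed under umask 077:", len(tight))
```

A restrictive umask only protects files from other accounts; as the message notes, it does not separate notebook users whose code all executes as the same worker account.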