[Cialug] minimizing exposure with web hosting

Matthew Nuzum newz at bearfruit.org
Wed Aug 4 10:58:08 CDT 2010


On Mon, Aug 2, 2010 at 11:37 AM, Matthew Nuzum <newz at bearfruit.org> wrote:

> On Mon, Aug 2, 2010 at 10:38 AM, Daniel A. Ramaley <
> daniel.ramaley at drake.edu> wrote:
>
>> Cool idea. Thanks for offering this service to the community.
>>
>> Could you provide ssh access but with a restricted and/or chrooted
>> shell? From the documentation, rssh seems particularly suited to this,
>> though i've not used it myself.
>>
>>
> I don't think it will solve the problems at hand. What is needed is the
> ability to run the command rake db:migrate or chmod +x cgi-bin/formmail.cgi ;-)
>
>
I still need to look into rssh, but here is something I experimented with
last night. I'd imagine daemonizing it and running it as a user that can chmod
files owned by Apache's user.

Basically, it uses inotify to detect when a cgi script is uploaded and sets
the correct permissions. I'd think it could be expanded to run a pre-set
number of commands on upload. For example, mod_passenger looks at the
timestamp of a specific file and when it changes it reloads itself. I could
do the same thing but run rake instead.

I'd really like some extra eyes, can you look it over and tell me what
concerns you'd have?


import os, stat
from pyinotify import (WatchManager, Notifier, ThreadedNotifier, EventsCodes,
                       ProcessEvent)

wm = WatchManager()
mask = EventsCodes.IN_DELETE | EventsCodes.IN_CREATE  # watched events

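# mode applied to new files: rwx for user and group, read-only for others (0774)
perm = stat.S_IRWXU | stat.S_IRWXG | stat.S_IROTH

class PTmp(ProcessEvent):
    def process_IN_CREATE(self, event):
        # called for every new entry created under the watched tree
        print("Create: %s" % os.path.join(event.path, event.name))
        os.chmod(os.path.join(event.path, event.name), perm)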

notifier = Notifier(wm, PTmp())
wdd = wm.add_watch('/srv/railstest/cgi-bin', mask, rec=True)

while True:  # loop forever
    try:
        # process the queue of events as explained above
        notifier.process_events()
        if notifier.check_events():
            # read notified events and enqueue them
            notifier.read_events()
        # you can do some tasks here...
    except KeyboardInterrupt:
        # destroy the inotify's instance on this interrupt (stop monitoring)
        notifier.stop()
        break

-- 
Matthew Nuzum
newz2000 on freenode, skype, linkedin, identi.ca and twitter

"Never stop learning" –Robert Nuzum (My dad)
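
An added example, not part of the original post or the author's code: os.chmod() on a path follows symlinks, and a path can change between the inotify event and the chmod, so a daemon that may chmod other users' files should act on an opened file descriptor instead. The helper name safe_make_executable is hypothetical, and the sketch assumes Python 3 on Linux and that the daemon can read the uploaded file.

```python
import os
import stat

# Same mode as the script in the post: rwx for user and group, read for others.
PERM = stat.S_IRWXU | stat.S_IRWXG | stat.S_IROTH


def safe_make_executable(dir_path, name, perm=PERM):
    """chmod dir_path/name only if it is a regular, singly linked file.

    Returns True when the mode was changed, False when the entry was skipped.
    """
    # inotify reports a bare file name; refuse anything that could traverse.
    if os.sep in name or name in ("", ".", ".."):
        return False
    try:
        dir_fd = os.open(dir_path, os.O_RDONLY | os.O_DIRECTORY)
    except OSError:
        return False
    try:
        try:
            # O_NOFOLLOW: a symlink as the final component makes open() fail.
            # O_NONBLOCK: opening a FIFO does not hang the daemon.
            fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK,
                         dir_fd=dir_fd)
        except OSError:
            return False
        try:
            st = os.fstat(fd)
            # Skip directories, devices, FIFOs and hard links to other files.
            if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
                return False
            # fchmod changes the inode just inspected, not whatever the
            # path points to by the time the call runs.
            os.fchmod(fd, perm)
            return True
        finally:
            os.close(fd)
    finally:
        os.close(dir_fd)
```

In the post's handler this would be called as safe_make_executable(event.path, event.name) in place of os.chmod().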