Is my config enough secure? [closed]
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
I would like to run some applications supplied by my clients on my vm but I want to limit their access.
I wanted to know if I create them a user that can only read/write/execute files on their $home directory and then execute their application with this command sudo -H -u <client_user> bash -c "command to run their app"
would be secure.
EDIT: The applications supplied by my clients would be executed from a NodeJs server on the vm. So, I don't want them to read/write/execute files from the other applications that have been started from the same NodeJs server.
security
closed as primarily opinion-based by Jeff Schaller, sebasth, Kusalananda, GAD3R, Stephen Rauch Oct 14 '17 at 15:53
Many good questions generate some degree of opinion based on expert experience, but answers to this question will tend to be almost entirely based on opinions, rather than facts, references, or specific expertise. If this question can be reworded to fit the rules in the help center, please edit the question.
add a comment |Â
up vote
0
down vote
favorite
I would like to run some applications supplied by my clients on my vm but I want to limit their access.
I wanted to know if I create them a user that can only read/write/execute files on their $home directory and then execute their application with this command sudo -H -u <client_user> bash -c "command to run their app"
would be secure.
EDIT: The applications supplied by my clients would be executed from a NodeJs server on the vm. So, I don't want them to read/write/execute files from the other applications that have been started from the same NodeJs server.
security
closed as primarily opinion-based by Jeff Schaller, sebasth, Kusalananda, GAD3R, Stephen Rauch Oct 14 '17 at 15:53
Many good questions generate some degree of opinion based on expert experience, but answers to this question will tend to be almost entirely based on opinions, rather than facts, references, or specific expertise. If this question can be reworded to fit the rules in the help center, please edit the question.
3
Secure against what? What could they or the app do that would be harmful? And why not directly start the app; why wrap it in bash?
â Jeff Schaller
Oct 14 '17 at 14:25
I don't want them to corrupt/stop/delete my vm and/or the other applications that are running on it.
â SML
Oct 14 '17 at 14:28
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I would like to run some applications supplied by my clients on my vm but I want to limit their access.
I wanted to know if I create them a user that can only read/write/execute files on their $home directory and then execute their application with this command sudo -H -u <client_user> bash -c "command to run their app"
would be secure.
EDIT: The applications supplied by my clients would be executed from a NodeJs server on the vm. So, I don't want them to read/write/execute files from the other applications that have been started from the same NodeJs server.
security
I would like to run some applications supplied by my clients on my vm but I want to limit their access.
I wanted to know if I create them a user that can only read/write/execute files on their $home directory and then execute their application with this command sudo -H -u <client_user> bash -c "command to run their app"
would be secure.
EDIT: The applications supplied by my clients would be executed from a NodeJs server on the vm. So, I don't want them to read/write/execute files from the other applications that have been started from the same NodeJs server.
security
edited Oct 14 '17 at 14:29
asked Oct 14 '17 at 14:17
SML
32
32
closed as primarily opinion-based by Jeff Schaller, sebasth, Kusalananda, GAD3R, Stephen Rauch Oct 14 '17 at 15:53
Many good questions generate some degree of opinion based on expert experience, but answers to this question will tend to be almost entirely based on opinions, rather than facts, references, or specific expertise. If this question can be reworded to fit the rules in the help center, please edit the question.
closed as primarily opinion-based by Jeff Schaller, sebasth, Kusalananda, GAD3R, Stephen Rauch Oct 14 '17 at 15:53
Many good questions generate some degree of opinion based on expert experience, but answers to this question will tend to be almost entirely based on opinions, rather than facts, references, or specific expertise. If this question can be reworded to fit the rules in the help center, please edit the question.
3
Secure against what? What could they or the app do that would be harmful? And why not directly start the app; why wrap it in bash?
â Jeff Schaller
Oct 14 '17 at 14:25
I don't want them to corrupt/stop/delete my vm and/or the other applications that are running on it.
â SML
Oct 14 '17 at 14:28
add a comment |Â
3
Secure against what? What could they or the app do that would be harmful? And why not directly start the app; why wrap it in bash?
â Jeff Schaller
Oct 14 '17 at 14:25
I don't want them to corrupt/stop/delete my vm and/or the other applications that are running on it.
â SML
Oct 14 '17 at 14:28
3
3
Secure against what? What could they or the app do that would be harmful? And why not directly start the app; why wrap it in bash?
â Jeff Schaller
Oct 14 '17 at 14:25
Secure against what? What could they or the app do that would be harmful? And why not directly start the app; why wrap it in bash?
â Jeff Schaller
Oct 14 '17 at 14:25
I don't want them to corrupt/stop/delete my vm and/or the other applications that are running on it.
â SML
Oct 14 '17 at 14:28
I don't want them to corrupt/stop/delete my vm and/or the other applications that are running on it.
â SML
Oct 14 '17 at 14:28
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
0
down vote
accepted
Applications which are not allowed to interfere with each other should never run as the root
user and they should either run as different users or in a chroot jail.
Using different users also requires proper files permittions for the subtree with the data. I.e. the home directories should have 700
permissions.
So, running an application withsudo -H -u <client_user> bash -c "command to run their app"
is not good? What should I use?
â SML
Oct 14 '17 at 14:54
@SML You misunderstood me. This command is not wrong but not enough. You have to make sure that the home directory permissions are correct, too.
â Hauke Laging
Oct 14 '17 at 15:07
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
accepted
Applications which are not allowed to interfere with each other should never run as the root
user and they should either run as different users or in a chroot jail.
Using different users also requires proper files permittions for the subtree with the data. I.e. the home directories should have 700
permissions.
So, running an application withsudo -H -u <client_user> bash -c "command to run their app"
is not good? What should I use?
â SML
Oct 14 '17 at 14:54
@SML You misunderstood me. This command is not wrong but not enough. You have to make sure that the home directory permissions are correct, too.
â Hauke Laging
Oct 14 '17 at 15:07
add a comment |Â
up vote
0
down vote
accepted
Applications which are not allowed to interfere with each other should never run as the root
user and they should either run as different users or in a chroot jail.
Using different users also requires proper files permittions for the subtree with the data. I.e. the home directories should have 700
permissions.
So, running an application withsudo -H -u <client_user> bash -c "command to run their app"
is not good? What should I use?
â SML
Oct 14 '17 at 14:54
@SML You misunderstood me. This command is not wrong but not enough. You have to make sure that the home directory permissions are correct, too.
â Hauke Laging
Oct 14 '17 at 15:07
add a comment |Â
up vote
0
down vote
accepted
up vote
0
down vote
accepted
Applications which are not allowed to interfere with each other should never run as the root
user and they should either run as different users or in a chroot jail.
Using different users also requires proper files permittions for the subtree with the data. I.e. the home directories should have 700
permissions.
Applications which are not allowed to interfere with each other should never run as the root
user and they should either run as different users or in a chroot jail.
Using different users also requires proper files permittions for the subtree with the data. I.e. the home directories should have 700
permissions.
answered Oct 14 '17 at 14:52
Hauke Laging
53.6k1282130
53.6k1282130
So, running an application withsudo -H -u <client_user> bash -c "command to run their app"
is not good? What should I use?
â SML
Oct 14 '17 at 14:54
@SML You misunderstood me. This command is not wrong but not enough. You have to make sure that the home directory permissions are correct, too.
â Hauke Laging
Oct 14 '17 at 15:07
add a comment |Â
So, running an application withsudo -H -u <client_user> bash -c "command to run their app"
is not good? What should I use?
â SML
Oct 14 '17 at 14:54
@SML You misunderstood me. This command is not wrong but not enough. You have to make sure that the home directory permissions are correct, too.
â Hauke Laging
Oct 14 '17 at 15:07
So, running an application with
sudo -H -u <client_user> bash -c "command to run their app"
is not good? What should I use?â SML
Oct 14 '17 at 14:54
So, running an application with
sudo -H -u <client_user> bash -c "command to run their app"
is not good? What should I use?â SML
Oct 14 '17 at 14:54
@SML You misunderstood me. This command is not wrong but not enough. You have to make sure that the home directory permissions are correct, too.
â Hauke Laging
Oct 14 '17 at 15:07
@SML You misunderstood me. This command is not wrong but not enough. You have to make sure that the home directory permissions are correct, too.
â Hauke Laging
Oct 14 '17 at 15:07
add a comment |Â
3
Secure against what? What could they or the app do that would be harmful? And why not directly start the app; why wrap it in bash?
â Jeff Schaller
Oct 14 '17 at 14:25
I don't want them to corrupt/stop/delete my vm and/or the other applications that are running on it.
â SML
Oct 14 '17 at 14:28