Is my config enough secure? [closed]

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












I would like to run some applications supplied by my clients on my vm but I want to limit their access.



I wanted to know if I create them a user that can only read/write/execute files on their $home directory and then execute their application with this command sudo -H -u <client_user> bash -c "command to run their app" would be secure.



EDIT: The applications supplied by my clients would be executed from a NodeJs server on the vm. So, I don't want them to read/write/execute files from the other applications that have been started from the same NodeJs server.







share|improve this question














closed as primarily opinion-based by Jeff Schaller, sebasth, Kusalananda, GAD3R, Stephen Rauch Oct 14 '17 at 15:53


Many good questions generate some degree of opinion based on expert experience, but answers to this question will tend to be almost entirely based on opinions, rather than facts, references, or specific expertise. If this question can be reworded to fit the rules in the help center, please edit the question.










  • 3




    Secure against what? What could they or the app do that would be harmful? And why not directly start the app; why wrap it in bash?
    – Jeff Schaller
    Oct 14 '17 at 14:25










  • I don't want them to corrupt/stop/delete my vm and/or the other applications that are running on it.
    – SML
    Oct 14 '17 at 14:28














up vote
0
down vote

favorite












I would like to run some applications supplied by my clients on my vm but I want to limit their access.



I wanted to know if I create them a user that can only read/write/execute files on their $home directory and then execute their application with this command sudo -H -u <client_user> bash -c "command to run their app" would be secure.



EDIT: The applications supplied by my clients would be executed from a NodeJs server on the vm. So, I don't want them to read/write/execute files from the other applications that have been started from the same NodeJs server.







share|improve this question














closed as primarily opinion-based by Jeff Schaller, sebasth, Kusalananda, GAD3R, Stephen Rauch Oct 14 '17 at 15:53


Many good questions generate some degree of opinion based on expert experience, but answers to this question will tend to be almost entirely based on opinions, rather than facts, references, or specific expertise. If this question can be reworded to fit the rules in the help center, please edit the question.










  • 3




    Secure against what? What could they or the app do that would be harmful? And why not directly start the app; why wrap it in bash?
    – Jeff Schaller
    Oct 14 '17 at 14:25










  • I don't want them to corrupt/stop/delete my vm and/or the other applications that are running on it.
    – SML
    Oct 14 '17 at 14:28












up vote
0
down vote

favorite









up vote
0
down vote

favorite











I would like to run some applications supplied by my clients on my vm but I want to limit their access.



I wanted to know if I create them a user that can only read/write/execute files on their $home directory and then execute their application with this command sudo -H -u <client_user> bash -c "command to run their app" would be secure.



EDIT: The applications supplied by my clients would be executed from a NodeJs server on the vm. So, I don't want them to read/write/execute files from the other applications that have been started from the same NodeJs server.







share|improve this question














I would like to run some applications supplied by my clients on my vm but I want to limit their access.



I wanted to know if I create them a user that can only read/write/execute files on their $home directory and then execute their application with this command sudo -H -u <client_user> bash -c "command to run their app" would be secure.



EDIT: The applications supplied by my clients would be executed from a NodeJs server on the vm. So, I don't want them to read/write/execute files from the other applications that have been started from the same NodeJs server.









share|improve this question













share|improve this question




share|improve this question








edited Oct 14 '17 at 14:29

























asked Oct 14 '17 at 14:17









SML

32




32




closed as primarily opinion-based by Jeff Schaller, sebasth, Kusalananda, GAD3R, Stephen Rauch Oct 14 '17 at 15:53


Many good questions generate some degree of opinion based on expert experience, but answers to this question will tend to be almost entirely based on opinions, rather than facts, references, or specific expertise. If this question can be reworded to fit the rules in the help center, please edit the question.






closed as primarily opinion-based by Jeff Schaller, sebasth, Kusalananda, GAD3R, Stephen Rauch Oct 14 '17 at 15:53


Many good questions generate some degree of opinion based on expert experience, but answers to this question will tend to be almost entirely based on opinions, rather than facts, references, or specific expertise. If this question can be reworded to fit the rules in the help center, please edit the question.









  • 3




    Secure against what? What could they or the app do that would be harmful? And why not directly start the app; why wrap it in bash?
    – Jeff Schaller
    Oct 14 '17 at 14:25










  • I don't want them to corrupt/stop/delete my vm and/or the other applications that are running on it.
    – SML
    Oct 14 '17 at 14:28












  • 3




    Secure against what? What could they or the app do that would be harmful? And why not directly start the app; why wrap it in bash?
    – Jeff Schaller
    Oct 14 '17 at 14:25










  • I don't want them to corrupt/stop/delete my vm and/or the other applications that are running on it.
    – SML
    Oct 14 '17 at 14:28







3




3




Secure against what? What could they or the app do that would be harmful? And why not directly start the app; why wrap it in bash?
– Jeff Schaller
Oct 14 '17 at 14:25




Secure against what? What could they or the app do that would be harmful? And why not directly start the app; why wrap it in bash?
– Jeff Schaller
Oct 14 '17 at 14:25












I don't want them to corrupt/stop/delete my vm and/or the other applications that are running on it.
– SML
Oct 14 '17 at 14:28




I don't want them to corrupt/stop/delete my vm and/or the other applications that are running on it.
– SML
Oct 14 '17 at 14:28










1 Answer
1






active

oldest

votes

















up vote
0
down vote



accepted










Applications which are not allowed to interfere with each other should never run as the root user and they should either run as different users or in a chroot jail.



Using different users also requires proper files permittions for the subtree with the data. I.e. the home directories should have 700 permissions.






share|improve this answer




















  • So, running an application with sudo -H -u <client_user> bash -c "command to run their app" is not good? What should I use?
    – SML
    Oct 14 '17 at 14:54










  • @SML You misunderstood me. This command is not wrong but not enough. You have to make sure that the home directory permissions are correct, too.
    – Hauke Laging
    Oct 14 '17 at 15:07

















1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
0
down vote



accepted










Applications which are not allowed to interfere with each other should never run as the root user and they should either run as different users or in a chroot jail.



Using different users also requires proper files permittions for the subtree with the data. I.e. the home directories should have 700 permissions.






share|improve this answer




















  • So, running an application with sudo -H -u <client_user> bash -c "command to run their app" is not good? What should I use?
    – SML
    Oct 14 '17 at 14:54










  • @SML You misunderstood me. This command is not wrong but not enough. You have to make sure that the home directory permissions are correct, too.
    – Hauke Laging
    Oct 14 '17 at 15:07














up vote
0
down vote



accepted










Applications which are not allowed to interfere with each other should never run as the root user and they should either run as different users or in a chroot jail.



Using different users also requires proper files permittions for the subtree with the data. I.e. the home directories should have 700 permissions.






share|improve this answer




















  • So, running an application with sudo -H -u <client_user> bash -c "command to run their app" is not good? What should I use?
    – SML
    Oct 14 '17 at 14:54










  • @SML You misunderstood me. This command is not wrong but not enough. You have to make sure that the home directory permissions are correct, too.
    – Hauke Laging
    Oct 14 '17 at 15:07












up vote
0
down vote



accepted







up vote
0
down vote



accepted






Applications which are not allowed to interfere with each other should never run as the root user and they should either run as different users or in a chroot jail.



Using different users also requires proper files permittions for the subtree with the data. I.e. the home directories should have 700 permissions.






share|improve this answer












Applications which are not allowed to interfere with each other should never run as the root user and they should either run as different users or in a chroot jail.



Using different users also requires proper files permittions for the subtree with the data. I.e. the home directories should have 700 permissions.







share|improve this answer












share|improve this answer



share|improve this answer










answered Oct 14 '17 at 14:52









Hauke Laging

53.6k1282130




53.6k1282130











  • So, running an application with sudo -H -u <client_user> bash -c "command to run their app" is not good? What should I use?
    – SML
    Oct 14 '17 at 14:54










  • @SML You misunderstood me. This command is not wrong but not enough. You have to make sure that the home directory permissions are correct, too.
    – Hauke Laging
    Oct 14 '17 at 15:07
















  • So, running an application with sudo -H -u <client_user> bash -c "command to run their app" is not good? What should I use?
    – SML
    Oct 14 '17 at 14:54










  • @SML You misunderstood me. This command is not wrong but not enough. You have to make sure that the home directory permissions are correct, too.
    – Hauke Laging
    Oct 14 '17 at 15:07















So, running an application with sudo -H -u <client_user> bash -c "command to run their app" is not good? What should I use?
– SML
Oct 14 '17 at 14:54




So, running an application with sudo -H -u <client_user> bash -c "command to run their app" is not good? What should I use?
– SML
Oct 14 '17 at 14:54












@SML You misunderstood me. This command is not wrong but not enough. You have to make sure that the home directory permissions are correct, too.
– Hauke Laging
Oct 14 '17 at 15:07




@SML You misunderstood me. This command is not wrong but not enough. You have to make sure that the home directory permissions are correct, too.
– Hauke Laging
Oct 14 '17 at 15:07


Popular posts from this blog

How to check contact read email or not when send email to Individual?

Displaying single band from multi-band raster using QGIS

How many registers does an x86_64 CPU actually have?