1 | initial version |
If you are not a security expert, I would highly suggest getting a local one to help you. There are lots of subtleties in the security issues. Basically, a Sage server is allowing a random person to execute whatever code they want on your computer, which is not easy or straightforward to defend against.
The wiki page you link is written for Ubuntu; is that why it is not useful? If you are not very comfortable with linux in general, and security in particular, I'd suggest getting someone else who is expert in these things to set up a public server (or spending at least a good several months reading up on linux security). If you are wanting to instead set up a server for a group of people that you trust, that's a different matter.
2 | No.2 Revision |
If you are not a security expert, I would highly suggest getting a local one to help you. There are lots of subtleties in the security issues. Basically, a Sage server is allowing a random person to execute whatever code they want on your computer, which is not easy or straightforward to defend against.
The wiki page you link is written for Ubuntu; is that why it is not useful? If you are not very comfortable with linux in general, and security in particular, I'd suggest getting someone else who is expert in these things to set up a public server (or spending at least a good several months reading up on linux security). If you are wanting to instead set up a server for a group of people that you trust, that's a different matter.
At a bare minimum, I would suggest restricting network connections for the restricted user, putting ulimits on the restricted user, implementing a quota system for the restricted user, etc. Maybe use tools from SELinux (like in http://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users.html)?
3 | No.3 Revision |
If you are not a security expert, I would highly suggest getting a local one to help you. There are lots of subtleties in the security issues. Basically, a Sage server is allowing a random person to execute whatever code they want on your computer, which is not easy or straightforward to defend against.
The wiki page you link is written for Ubuntu; is that why it is not useful? If you are not very comfortable with linux in general, and security in particular, I'd suggest getting someone else who is expert in these things to set up a public server (or spending at least a good several months reading up on linux security). If you are wanting to instead set up a server for a group of people that you trust, that's a different matter.
At a bare minimum, I would suggest restricting network connections for the restricted user, putting ulimits on the restricted user, implementing a quota system for the restricted user, restricting the user's ability to write to their own config files, etc. Maybe use tools from SELinux (like in http://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users.html)?