Ask Your Question

Setting up a public Sage server

asked 2013-01-26 07:03:41 +0100

Caterpillar gravatar image

Hi. I have a desktop computer with an Athlon II X3 440 (probably he will be updated soon with an AMD FX 8350), 32Gb of RAM and Fedora 17 64bit. I would like to set up a public Sage server on a unprivileged Fedora user. I am not a security expert, but I need to avoid abuses, so I need suggestions how to secure a public Sage server, where people can sign in from Sage server's webpage and start immediately

The wiki page does not seem to be enough for my needs

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2013-01-26 10:37:40 +0100

Jason Grout gravatar image

updated 2013-01-26 10:42:13 +0100

If you are not a security expert, I would highly suggest getting a local one to help you. There are lots of subtleties in the security issues. Basically, a Sage server is allowing a random person to execute whatever code they want on your computer, which is not easy or straightforward to defend against.

The wiki page you link is written for Ubuntu; is that why it is not useful? If you are not very comfortable with linux in general, and security in particular, I'd suggest getting someone else who is expert in these things to set up a public server (or spending at least a good several months reading up on linux security). If you are wanting to instead set up a server for a group of people that you trust, that's a different matter.

At a bare minimum, I would suggest restricting network connections for the restricted user, putting ulimits on the restricted user, implementing a quota system for the restricted user, restricting the user's ability to write to their own config files, etc. Maybe use tools from SELinux (like in

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools


Asked: 2013-01-26 07:03:41 +0100

Seen: 932 times

Last updated: Jan 26 '13