Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Notebook: How to prevent that users can access cell content of other users?

I set up a Sage Notebook server which is going to be accessible by multiple users, but I have problems securing it. I am using version 6.4.1.

I invoke the notebook() command with the server_pool=[...] setting, and the $HOME/.sage directory of the user which starts the sage notebook (as well as for the users specified in server_pool) has permissions 700, so it is impossible for users to directly access the worksheets of other users.

However when I do cat /tmp/*/*.py in the notebook (after setting language to "sh" of course), I get some cell contents of other users. Those files in /tmp belong to the main sage user, and have permissions rw-r--r--.

I already tried setting umask to 077 before invoking the sage notebook, but when I do so, the notebook does not work at all (it starts, but all commands I enter in cells seem to take an infinite amount of time).

Is there a way to secure the sage notebook, such that it is impossible for one user to see any part of worksheets of other users?