I am putting together a web interface for an embedded hardware product (think like your router) that needs the ability to change system files that are owned by root. In particular I need to change the network address and then restart the service.
What is the best way to handle this, both for editing the file and securely handling the escalation (preferably outside of the webapp somehow)? I had the idea of a user who can sudo with no password for scripts to use that was banned from SSH or Terminal login, but I am unsure if this is the best thing to do security-wise, as it leaves that user open to attacks that can then escalate privileges.
I effectively want to read ifcfg-eth0, write changes to a temporary file, double check those changes are valid, then write it back to the ifcfg-eth0 original file, finally restart the network interface.
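The validate-then-replace step described above, sketched as an added example that is not part of the original post: a root-owned helper the web app would call with only an address and a netmask. The function names, the `IFCFG` variable, the RHEL-style default path and the choice to rewrite only `IPADDR` and `NETMASK` are assumptions; the interface restart would follow a successful `apply_address` and is left out so the logic can run on a scratch copy.

```sh
#!/bin/sh
# Added example: meant to be installed root-owned and invoked by the web app
# through one narrow sudoers rule, so the app itself never runs as root.
# IFCFG (assumed default path) can be overridden to work on a scratch copy.
IFCFG="${IFCFG:-/etc/sysconfig/network-scripts/ifcfg-eth0}"

# Dotted-quad IPv4 only: four octets, 0..255, no leading zeros, nothing else.
valid_ipv4() {
    local IFS=. octet
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # rejects spaces, newlines, ';'
    esac
    set -- $1
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]) ;;
            *) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
}

# A netmask is a run of one-bits followed only by zero-bits.
valid_netmask() {
    valid_ipv4 "$1" || return 1
    local IFS=. n inv
    set -- $1
    n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    inv=$(( ~n & 0xFFFFFFFF ))
    [ "$n" -ne 0 ] && [ "$(( inv & (inv + 1) ))" -eq 0 ]
}

# Build the new file next to the original, then rename over it (atomic on
# one filesystem). Returns 2 on rejected input, 3 on an I/O failure.
apply_address() {
    local tmp
    valid_ipv4 "$1" && valid_netmask "$2" || return 2
    tmp=$(mktemp "$IFCFG.XXXXXX") || return 3
    if sed -E '/^(IPADDR|NETMASK)=/d' "$IFCFG" > "$tmp" &&
       printf 'IPADDR=%s\nNETMASK=%s\n' "$1" "$2" >> "$tmp" &&
       chmod 644 "$tmp" && mv -f "$tmp" "$IFCFG"; then
        return 0
    fi
    rm -f "$tmp"
    return 3
}
```

Because the helper accepts two strictly validated values rather than file contents, a compromised web app can at most set a different valid address.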
Related
I used Docker technology to set up a Nextcloud server for myself and my family.
Can I transfer files from a local server to my Nextcloud server without using the internet and allow users to access them?
Because I have discovered two strange things:
1. Placing files directly under a specific user's file path on the server does not allow the user to successfully access the file.
2. As long as I don't delete the files added by the user, even if I directly change the content of the files on the server, the user can still accurately and correctly read the original content.
Or is the user profile path I am thinking of incorrect?
I think it's /var/www/html/data/"USERID"/files
I would like to know how to solve it, but at the same time, I also want to know what is the reason that causes the following two problems.
Thank you so much.
Running a Rails application on multiple servers (~20), I want to be able to manage the configuration files (mainly *.yml, but also SSL pem/cert files and other text-based files) from a single location such that any change to files, or a new file, is added to all servers.
I also want to have this content source controlled via git.
Updates are not frequent and I want to keep the app untouched such that data is read from files as it is right now.
What are the available solutions for that? Is Zookeeper a good fit?
I have not used Zookeeper but I believe you should be able to do something like you need with a tool such as Puppet or Chef.
We're using ZooKeeper for live settings.
One idea is to use a registry.
Say you have a component called Arst.
You can have some config, let's say for redis, under these folders, each representing a different instance:
/dbs/redis/0 (host, port, db, password as children)
/dbs/redis/1 (host, port, db, password as children)
/dbs/redis/prod (host, port, db, password as children)
And if your component Arst needs to use instance 0, you can have a registry like this:
/arst/redis/0
If you want to add 1 just add the node and a child watch in the application will update things for you without a restart.
It's not very simple to do though and managing the settings can be a pain for teams like QA.
So I'll be working on a console to help with this as well. We'll be open sourcing some pieces.
I have a web application which allows users to upload files and share them with other people across the internet. Anyone who has access can download the files, but if the uploader doesn't specifically share the file with someone else, that person can't download the files.
Since the user permissions are controlled by rails, each time someone tries to download a file it is sent to the user from a rails process. This is a serious bottleneck - rails is needed for the file upload and permissions but it shouldn't be in the way taking up memory just for others to download files.
I would like to split the application on different servers for the frontend, database and file server. If the user goes to my site, they should have the ability to download the file directly from something like my-fileserver.domain.com/file/38183 instead of running it through rails.
What is the best option for this? I would like to control file access at the database level, not the file system - but I don't want rails taking up all of the memory on my system for such a simple process. Any ideas?
Edit:
One thing I may be able to do is load a list of files/permissions from mysql into a node.js app and give access rights to the file server as a true/false response based on what the file server sends in. This still requires the file server to run a web server, however.
Maybe you could generate a random URL for the file, and control it by a central system.
My question is simple: How can a person access my database in production if he knows my password? I know that it can be done, because otherwise you wouldn't have to set a password for it, but I really want to know how.
Also, if someone knows the password for my database, can he execute all queries to my database (not only SELECT, but also the ones that alter the database)?
Your database is on a server, a computer just like any other. It has a MAC address, probably a NIC, and most importantly, an IP address.
If you've ever used Windows' remote connection utility, you are asked for the IP address of the computer, and the login credentials for the user's account. From there, you'd open the database management system (which is simply an application running on the computer), and once you've entered the database, it's just sitting there. Just like it does for you.
The process of deleting all of your hard work, for an attacker, includes the exact same steps you would take! Pick a good password, and don't store any sensitive information on any public-facing directories on the server!
How can a person access my database in production if he knows my password?
Through an exploit or other script where they can make a connection.
if someone knows the password for my database, can he execute all queries to my database (not only SELECT, but also the ones that alter the database)
They can execute whatever that account has rights to. This is a good reason that application logins should only be given minimal rights. Typically in full-featured database systems, you can give the application role/account only SELECT on certain tables or views (perhaps not even all columns), and generally modify data only through stored procedures. By minimizing the surface area in this way, you have defense in depth, so not only is the account secured by a password, but the account has only a certain attack surface. This is just one part of your overall security process.
One of my Rails applications is going to depend on a secret key in memory, so all of its functions will only be available once an administrator goes to a certain page and uploads the valid key.
The problem is that this key needs to be stored securely, so no other processes on the same machine should be able to access it (so memcached and filesystem are not suitable). One good idea would be just to store it in some configuration variable in the application, but newly spawned instances won't have access to that variable. Any thoughts how to implement this on RubyEE/Apache/mod_passenger?
There is really no way to accomplish that goal. (This is the same problem all DRM systems have.)
You can't keep things secret from the operating system. Your application has to have the key somewhere in memory and the operating system kernel can read any memory location it wants to.
You need to be able to trust the operating system, which means that you then can also trust the operating system to properly enforce file access permissions. This in turn means that you can store the key in a file that only the rails-user-process can read.
Think of it this way: even if you had no key at all, what is to stop an attacker on the server from simply changing the application code itself to gain access to the disabled functionality?
I would use the filesystem, with read access only to the file owner, and ensure the ruby process is the only process owned by this user. (using chmod 400 file)
You can get more complex than that, but it all boils down to using the unix users and permissions.
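The owner-only key file suggested above, as an added example that is not part of the original answer: one function creates the file so it is never readable by others even briefly, and one verifies owner and mode before the key is trusted. The function names and the uid argument are assumptions.

```sh
#!/bin/sh
# Added example: install and verify a key file readable only by its owner.

# Write stdin to $1 as a fresh file created under umask 077, then drop the
# owner's write bit so the result is mode 0400.
install_key() {
    local dest="$1" old_umask
    old_umask=$(umask)
    umask 077
    rm -f -- "$dest"                 # never inherit looser permissions
    if cat > "$dest"; then
        umask "$old_umask"
        chmod 400 "$dest"
    else
        umask "$old_umask"
        return 1
    fi
}

# Succeed only if $1 is a regular file (not a symlink), owned by numeric
# uid $2, with mode exactly r-------- and no extra ACL entries.
key_file_ok() {
    local f="$1" want_uid="$2"
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    set -- $(ls -lnd -- "$f")        # $1 = mode string, $3 = numeric owner
    case "$1" in
        -r--------|-r--------.) ;;   # a trailing "." is an SELinux label
        *) return 1 ;;               # wider mode, or "+" meaning an ACL
    esac
    [ "$3" = "$want_uid" ]
}
```

A start-up script for the application user could call `key_file_ok /path/to/key "$(id -u)"` and refuse to start when it fails.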
Encrypt it heavily in the filesystem?
What about treating it like a regular password, and using a salted hash? Once the user authenticates, he has access to the functions of the website.