Restricting file access in Ruby

John Allen

Hey, I don't know if this is a subject that's been beat to death or not as
I'm new to the group, but I wanted to ask whether anyone's extended Ruby to
allow scripts to (dis)allow access to files based on some sort of user
defined mechanism.

I'm writing an application that will allow individual users to write (and
execute) their own Ruby scripts within a confined subtree of my filesystem,
and I want to basically add checks to any function that accesses files,
whether through the File class, or the Dir class, or whatever. The users
in my system are not all trusted equally, and I want to grant varying
degrees of privilege to each. I also want to restrict access to sockets
and other I/O mechanisms, but that's easier to do since all I have to do is
not make the library available.

I've been reading through the code in the ruby-1.8.2 source tree, and I'm
learning how it's all tied together. I guess my question is where to put
my checks. Also, I feel funny even suggesting this because it seems to go
against everything I've read about Ruby making things less complicated and
bloated.

Anyway, flames or comments are appreciated.

-John
 
Florian Gross

John said:
Hey, I don't know if this is a subject that's been beat to death or not as
I'm new to the group, but I wanted to ask whether anyone's extended Ruby to
allow scripts to (dis)allow access to files based on some sort of user
defined mechanism.

[...]

I've been reading through the code in the ruby-1.8.2 source tree, and I'm
learning how it's all tied together. I guess my question is where to put
my checks. Also, I feel funny even suggesting this because it seems to go
against everything I've read about Ruby making things less complicated and
bloated.

I'd suggest using $SAFE and having a custom interface for doing IO that
goes through your special privilege checks. But you might be right in
that patching Ruby for this would make security breaches less likely.
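
Added example, not part of the post above and not code from Ruby itself: one way a "custom interface for doing IO" could enforce a confined subtree plus a per-user privilege level. The `ConfinedFS` class, its `Denied` error and the `:read_only` / `:read_write` levels are hypothetical names, and the sketch assumes the untrusted script has no other route to `File` or `Dir`.

```ruby
# Hypothetical gatekeeper: every file operation for an untrusted script goes
# through one object that knows the user's subtree and privilege level.
class ConfinedFS
  class Denied < StandardError; end

  # Unknown levels raise KeyError in the constructor, so the default is "no access".
  LEVELS = { read_only: [:read], read_write: [:read, :write] }.freeze

  def initialize(root, level)
    @root = File.realpath(root)        # canonical form of the allowed subtree
    @allowed = LEVELS.fetch(level)
  end

  def read(path)
    File.read(authorize(:read, path))
  end

  def write(path, data)
    File.write(authorize(:write, path), data)
  end

  # Returns the canonical path if the operation is permitted, else raises Denied.
  def authorize(op, path)
    raise Denied, "#{op} not granted" unless @allowed.include?(op)
    full = File.expand_path(path, @root)   # anchors relative paths, collapses ".."
    real = resolve(full)
    # The separator check stops a sibling such as "user10" matching root "user1".
    inside = real == @root || real.start_with?(@root + File::SEPARATOR)
    raise Denied, "#{path} resolves outside the subtree" unless inside
    real
  end

  private

  # realpath follows symlinks. For a file that does not exist yet (a new write
  # target) canonicalize the parent directory instead, and refuse dangling
  # symlinks, which a write would otherwise follow to wherever they point.
  def resolve(full)
    File.realpath(full)
  rescue Errno::ENOENT
    raise Denied, "dangling symlink" if File.symlink?(full)
    File.join(File.realpath(File.dirname(full)), File.basename(full))
  end
end
```

The path check and the actual open are two separate steps, so a script able to swap a symlink between them can still race this wrapper; OS-level users and permissions remain the backstop for that case.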
 
Andreas Schwarz

John said:
Hey, I don't know if this is a subject that's been beat to death or not as
I'm new to the group, but I wanted to ask whether anyone's extended Ruby to
allow scripts to (dis)allow access to files based on some sort of user
defined mechanism.

This is what users and permissions on OS level are good for; I think it
will be _very_ hard to implement it in ruby.
 
Zach Dennis

Andreas said:
This is what users and permissions on OS level are good for; I think it
will be _very_ hard to implement it in ruby.

I concur with Andreas, this isn't necessarily the job for ruby to be
doing, nor your scripts. It adds unnecessary complexities to a problem
ruby shouldn't be solving anyways. Let your OS do this. It will save you
from headache.

Zach
 
