Task #5546
closed
Install a .Rprofile file inside the rstudio users's home directories and fix the home directory permissions
100%
Description
The public repository for the file is here: http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/data-analysis/RConfiguration
Updated by Andrea Dell'Amico almost 9 years ago
- Subject changed from Install a .Rprofile file inside the rstudio users's home directories to Install a .Rprofile file inside the rstudio users's home directories and fix the home directory permissions
Updated by Andrea Dell'Amico almost 9 years ago
- Status changed from New to In Progress
- % Done changed from 0 to 60
On rstudio-dev I've just installed a new version of the r-connector script that:
- do not allow the creation of non ldap users (it logs an entry in /var/log/syslog)
- sets the new users home directory permissions so that the gcube user can update the
userconfig.csvfile - creates the link
.Rprofile -> /srv/d4science/RStudioConfiguration/.Rprofile, where the source is the Rprofile downloaded from subversion
I also installed a cron job that executes a cd /srv/d4science/RStudioConfiguration ; svn update so that any modification to the master will land into the users home directories in at most 24 hours.
I already tested that the new permissions (example):
drwx--x--- 6 andrea.dellamico gcube 126 Oct 21 17:46 andrea.dellamico drwx--x--- 6 andrea.dellamico gcube 126 Oct 21 17:46 . drwxr-xr-x 24 root root 4096 Oct 21 17:41 .. drwxr-xr-x 3 andrea.dellamico ri 23 Oct 21 17:45 .cache drwxr-xr-x 3 andrea.dellamico ri 40 Oct 21 17:46 R -rw-r--r-- 1 andrea.dellamico ri 12118 Oct 21 17:45 .RData -rw-r--r-- 1 andrea.dellamico ri 141 Oct 21 17:50 .Rhistory lrwxrwxrwx 1 andrea.dellamico root 45 Oct 21 17:41 .Rprofile -> /srv/d4science/RStudioConfiguration/.Rprofile drwxr-xr-x 13 andrea.dellamico ri 4096 Oct 21 17:50 .rstudio drwxr-xr-x 3 andrea.dellamico ri 61 Oct 21 17:41 .subversion -rw-rw---- 1 andrea.dellamico gcube 8 Oct 21 17:50 userconfig.csv
are sufficient to permit the writing of userconfig.csv. When @gianpaolo.coro@isti.cnr.it will be able to confirm that he cannot read my files from his session I'll distribute the scripts on rstudio.d4science.org and dataminer1-proto.d4science.org.
I will then proceed to the local users removal (already done on rstudio-dev)
Note to @gianpaolo.coro@isti.cnr.it: the text
print(paste("*****************SECURITY NOTES*******************"))
print(paste("By default, all users can watch the files of the others"))
print(paste("-But they cannot alter them-"))
print(paste("In order to definitely hide the contents of your workspace, please launch the command:"))
print(paste("system(\"chmod go-rx $HOME\",intern = FALSE);"))
print(paste("***********************************************"))
is dangerous (it's also becoming obsolete, but): if you remove the execute permissions to the group, the r-connector isn't able to write the userconfig.csv file anymore and the user session cannot be opened.
Updated by Andrea Dell'Amico almost 9 years ago
- Status changed from In Progress to Closed
- % Done changed from 60 to 100
The new profile is available to all the existing users and it will be installed to the new ones.
