Task #5546: Install a .Rprofile file inside the rstudio users's home directories and fix the home directory permissions - D4Science Infrastructure - D4science

Custom queries

03. VRE Plan
04. All Projects Deliverables
04. All Projects Milestones
06. D4Science Projects Activities
All open Issues
D4Science Infrastructure Upgrade
My InProgress Tasks
My Paused Tasks
My Watched Tasks
Not Closed Assigned To Me
Not Closed Assigned To Me (No Releases, No Project Tasks)
Not Closed Opened by Me
Open Issues
Upgrade Plan
Upgrade Plan Clear

Actions

Copy link

Task #5546

closed

Install a .Rprofile file inside the rstudio users's home directories and fix the home directory permissions

Added by Andrea Dell'Amico almost 9 years ago. Updated almost 9 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Andrea Dell'Amico

Category:

System Application

Target version:

UnSprintable

Start date:

Oct 21, 2016

Due date:

% Done:

100%

Estimated time:

Infrastructure:

Development, Pre-Production, Production

Description

The public repository for the file is here: http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/data-analysis/RConfiguration

History
Notes
Property changes

Actions

Copy link

Updated by Andrea Dell'Amico almost 9 years ago

Subject changed from Install a .Rprofile file inside the rstudio users's home directories to Install a .Rprofile file inside the rstudio users's home directories and fix the home directory permissions

Actions

Copy link

Updated by Andrea Dell'Amico almost 9 years ago

Status changed from New to In Progress
% Done changed from 0 to 60

On rstudio-dev I've just installed a new version of the r-connector script that:

do not allow the creation of non ldap users (it logs an entry in /var/log/syslog)
sets the new users home directory permissions so that the gcube user can update the userconfig.csv file
creates the link .Rprofile -> /srv/d4science/RStudioConfiguration/.Rprofile, where the source is the Rprofile downloaded from subversion

I also installed a cron job that executes a cd /srv/d4science/RStudioConfiguration ; svn update so that any modification to the master will land into the users home directories in at most 24 hours.

I already tested that the new permissions (example):

drwx--x---  6 andrea.dellamico      gcube  126 Oct 21 17:46 andrea.dellamico

drwx--x---  6 andrea.dellamico gcube   126 Oct 21 17:46 .
drwxr-xr-x 24 root             root   4096 Oct 21 17:41 ..
drwxr-xr-x  3 andrea.dellamico ri       23 Oct 21 17:45 .cache
drwxr-xr-x  3 andrea.dellamico ri       40 Oct 21 17:46 R
-rw-r--r--  1 andrea.dellamico ri    12118 Oct 21 17:45 .RData
-rw-r--r--  1 andrea.dellamico ri      141 Oct 21 17:50 .Rhistory
lrwxrwxrwx  1 andrea.dellamico root     45 Oct 21 17:41 .Rprofile -> /srv/d4science/RStudioConfiguration/.Rprofile
drwxr-xr-x 13 andrea.dellamico ri     4096 Oct 21 17:50 .rstudio
drwxr-xr-x  3 andrea.dellamico ri       61 Oct 21 17:41 .subversion
-rw-rw----  1 andrea.dellamico gcube     8 Oct 21 17:50 userconfig.csv

are sufficient to permit the writing of userconfig.csv. When @gianpaolo.coro@isti.cnr.it will be able to confirm that he cannot read my files from his session I'll distribute the scripts on rstudio.d4science.org and dataminer1-proto.d4science.org.
I will then proceed to the local users removal (already done on rstudio-dev)

Note to @gianpaolo.coro@isti.cnr.it: the text

print(paste("*****************SECURITY NOTES*******************"))
print(paste("By default, all users can watch the files of the others"))
print(paste("-But they cannot alter them-"))
print(paste("In order to definitely hide the contents of your workspace, please launch the command:"))
print(paste("system(\"chmod go-rx $HOME\",intern = FALSE);"))
print(paste("***********************************************"))

is dangerous (it's also becoming obsolete, but): if you remove the execute permissions to the group, the r-connector isn't able to write the userconfig.csv file anymore and the user session cannot be opened.

Actions

Copy link