Shells websites

From Insomnia 24/7 Wiki
Revision as of 02:05, 4 July 2013 by imported>Wikiadmin
Jump to: navigation, search

General

You can run a website from your shell account. Simply place the html and/or php files in your public_html directory.

Your website will be visible at the subdomain yourusername.insomnia247.nl. For historical support insomnia247.nl/~yourusername is redirected to your subdomain.


Web proxies

If you want to run a web proxy or a php shell you are allowed to do so only under the condition that you password protect it. This also goes for any other material that can give anonymous users access to your resources.
Any copyrighted or illegal material hosted on your public site will result in automatic suspension of your account.


CGI

CGI is available in the cgi-bin directory of your public_html folder.


MySQL

MySQL databases are available on special request. Check the F.A.Q. to find out how to request one.


Rails

To create and run rails apps use these commands:

See the ports page for more info on which ports you can use for your Rails app.
rails new testblog -B
cd testblog
bundle install
rails server -p 5432

From here on you can continue with things like generating controllers and writing your app as normal.


Permissions

Your Apache processes and all child processes of Apache like php and cgi etc. run as a separate user that is dedicated to your website.
This user is named [your-username]-www. So it can access the files in your public_html directory you and your www user are in the same group. This group is exclusive to your account so no Apache processes from other users have permission to read your files.

Security

The practical upshot of having a separate www user is that you can now deny your Apache processes access to any files that you want to keep from being available over HTTP. (SSH keys are a good example of files where you might want such protection.)
Since the Apache process accesses your files through group permissions all you have to do in order to keep them from being accessible to Apache is revoke group access on them. (Hint: If you don't know how to manage file permissions read up on how to use the chmod command.)
Having this type of permission system will prevent any sensitive or security critical files you have from being exposed trough something like an LFI bug in your php.

suwww

There is a slight practical drawback to having the Apache process run as another user. Often when php processes create new files they will be created without group write permissions. This means that they are owned by your www user and you cannot easily delete them.
To remedy this we have introduced the suwww command. If you run this command from your shell you will be logged into your www users account giving you full permissions on any files your Apache user has created.
You can also use the suwww command to check and verify if your Apache user indeed does not have access to files you don't want it to.