It would be best practice to do this. Nate is working on packaging
(.deb) and our Anisble setup to accomplish this - getting these
permissions exactly correct I think will be a big part of that effort.
All of that said - if you were really going to pursue this but just
install and use the tool shed normally from the Galaxy webapp it seems
kind of a wasted effort. These dependencies would be installed as the
Galaxy user and run arbitrary code (from a sort of sys admin
perspective). So if I were going to go through this effort I would
probably try to setup a separate configuration and user for installing
things from the tool shed and disable the main Galaxy instance and
user from doing this. That would add considerably to this effort.
Anyway - it is a best practice so I don't mean to discourage it - but
realistically I don't think many Galaxy deployments have gone through
On Mon, Jul 20, 2015 at 1:37 PM, lejeczek <pelj...@yahoo.co.uk> wrote:
> hi everybody
> I'd like to ask if you think it's worthwhile is pursuing finely grained tree
> permissions? Would this improve security to leave out everything but only
> files/folders necessary for writing - to galaxy user what needs to write
> everything else root?
> Or just full perms to galaxy user on whole tree is the only way?
> many thanks.
> Please keep all replies on the list by using "reply all"
> in your mail client. To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
> To search Galaxy mailing lists use the unified search at:
Please keep all replies on the list by using "reply all"
in your mail client. To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
To search Galaxy mailing lists use the unified search at: