"William Stein" <[EMAIL PROTECTED]> writes: > 2008/4/5 Nikos Apostolakis <[EMAIL PROTECTED]>:
[...] >> >> I don't know if the following make sense but is it possible to >> have some kind of global .sage directory for cases like this? >> Something like `/etc/sage/'. Is it really necessary for a user >> to have a `~/.sage' directory in order to run a script that uses >> sage? >> > > Yes, it is absolutely necessary. Sage needs a directory where it > stores configuration info, temp files, etc. However, if you set the > environment variable DOT_SAGE then the directory it is > set to will be used exactly ~/.sage would be used. For example, > > teragon:~ was$ export DOT_SAGE=/Users/was/tmp/foo > teragon:~ was$ sage > ---------------------------------------------------------------------- > | SAGE Version sage-2.11, Release Date: 2008-03-30 | > | Type notebook() for the GUI, and license() for information. | > ---------------------------------------------------------------------- > Setting permissions of DOT_SAGE directory so only you can read and write it. > Loading SAGE library. Current Mercurial branch is: referee > sage: > Exiting SAGE (CPU time 0m0.00s, Wall time 0m6.18s). > Exiting spawned Gap process. > teragon:~ was$ ls /Users/was/tmp/foo > db gap ipython matplotlibrc temp > > >> >> >> Is this a bug? Any workarounds? >> > >> > It isn't a bug. To fix this we need to know more about your setup, >> > i.e. which user the webserver runs as, which webserver you are using >> > and so on. >> >> I've tried this with two setups, Debian unstable with apache2 and >> Ubuntu 7.10 with thttpd, in both cases the distribution provided >> packages. On the Debian box apache runs as `www-data', I don't have >> access to the Ubuntu box right now but I used the standard setup in >> both case since my knoweldge of this stuff is minimal. Also in both >> machines sage has been install by the superuser at /usr/local/include. >> >> This morning I played a bit more with this. After creating a >> directory "/.sage" with owner "www-data" and permissions 700 the cgi >> scripts seem to work. I am not sure that this is a good solution on >> the long run though. > > That's fine Either do that or better set the DOT_SAGE variable > to a directory that www-data has write access to. > Thanks, I'll try that. >> Are there any security (or other) issues that >> could result from this hack? > > Just out of curiosity what Sage functionality are you exporting over > the web. Because there are a lot of security issues that could > arise from whatever you're actually doing. > The idea is to use sage to create and grade exams and the communication with the student is via a web browser. Every time an exam is to be taken a random exam is generated together with the right answer and the "grading function" for each question. The exam has html forms that the student fills with the answers and when (s)he's done the exam is graded by a cgi script. To avoid some obvious sequrity risks, the answers have to be in a specific form that is checked against suitable regular expressions before passed to the grading script. The project is still at a preliminary stage. Thanks, Nikos > william --~--~---------~--~----~------------~-------~--~----~ To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/sage-support URLs: http://www.sagemath.org -~----------~----~----~----~------~----~------~--~---
