>
> Thank you for your answer.
>
I run sage notebook server in a vm, but
please elaborate a little about your first suggestion.
Also I remarked that both the admin (of the sage server) and the simple user
are finally the "same linux user". I gave os.system('whoami') as admin and
as simple user and get the same result.
(Maybe it is not a good idea to leave anyone to register.)
One more question, if I managed to have a ssl certificate (not self signed)
where do I have to put it?
Thank you
Costas
On Monday, January 26, 2015 at 7:10:50 PM UTC+2, vdelecroix wrote:
>
> 2015-01-26 17:17 UTC+01:00, Jeroen Demeyer <[email protected]
> <javascript:>>:
> > On 2015-01-26 03:53, [email protected] <javascript:> wrote:
> >> I noticed that someone can execute system commands in a sage notebook
> >> server.
> >> For instance
> >> sage:import os
> >> sage:os.system('ifconfig')
> >>
> >> Is there any way to disable this?
> > No.
>
> To tell a bit more, Sage is built over Python. So you can not prevent
> the user from using Python in other ways by modifying yourself the
> Python that is shipped with Sage. Concrete things you can do to forbid
> users from doing anything are:
> - run the notebook with a user with very few permissions (for
> examples, you could forbid the right to execute ifconfig)
> - run the notebook in a virtual machine or in docker
>
> I guess that it is a combination of boths that it is needed in large
> scales. But for small scales, the first option is quite reasonable.
>
> Vincent
>
--
You received this message because you are subscribed to the Google Groups
"sage-support" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/sage-support.
For more options, visit https://groups.google.com/d/optout.
