On 4/30/07, John Clisham <jfclisham / gmail.com> wrote:
> Brian Candler wrote:
> > On Tue, May 01, 2007 at 04:48:37AM +0900, John Clisham wrote:
> >> is running under.
> >>
> >> Is this possible?  Any ideas?
> >
> > The user will authenticate by providing their OS username and password?
> >
> > Perhaps you could use PTY.spawn and run 'su - username'
>
>
> Yes, I will authenticate useing their OS username and password. I
> haven't used PTY.spawn before.  Does it just spawn off a new psuedo
> terminal?  After doing a 'su -username' and authenicating; I want to
> execute a block of ruby code as that user.  Ideally that block would
> return a ruby object that I could then manipulate in the broader app.
> (ie since this is a Rails app, I would execute controller code as the
> authenticated user (ie to get job files); and use one set of views for
> all users.
>
> Am I making sense or over thinking this?  Basically, I'm trying to avoid
> calling everything in shell's and reading in stdout.  I'm trying to stay
> completely in Ruby here.
>
> THanks!
> KF

Ruby is one process to the OS - so most probably it cannot have
credentials of more users. What you can do is have 'session' have
another process running with respective user's credentials and
communicate with it with drb or similar. You would need to keep a pool
of these and kill/stop them when the session is done or timeouted.

You probably won't be able to avoid more processes though, but you may
avoid communicating through stdout.

Or, maybe you can avoid all of this if the user under which the the
webserver is running has rights to users' files (i.e. they all belong
to the same group and have the rights set appropriately).

Finally, you will want to double-check your code for security issues...

HTH.
J.