On Tue, May 01, 2007 at 04:46:48PM +0900, Brian Candler wrote:
> One solution is to run each user's applications as fastcgi scripts, where
> the users' code runs as a pool of separate processes running under their own
> uid. A similar solution is to give each user their own completely separate
> webserver instance (e.g. httpd), either bound to a separate IP, or bound to
> a separate port with a proxy in front which routes the incoming HTTP
> requests to the right webserver instance.
> 
> In your case, this would effectively mean running multiple copies of your
> entire Rails app, one under each user ID. If the number of users you have is
> not large, this is probably a reasonable approach.

Another approach to consider, if the number of types of different requests
your users need to implement is small, is to have a small C setuid wrapper
program which in turn performs an action after validating the parameters.

You'd then invoke it as, say,

    system("/path/to/rubywrap", username, command, arg)

rubywrap.c would be a small C program which checks command and arg are
"safe", changes userid to username, and then does whatever command implies.
It would then be installed setuid root, and possibly also made only
executable by the webserver user or group.

However, I wouldn't recommend going this way unless you fully understand the
security implications of this. Find someone else's implementation of
something similar (e.g. Apache suexec) and understand all the subtleties of
its implementation, before trying it yourself.

Regards,

Brian.
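The kind of wrapper described above, as an added example that is not Brian's code and not part of the original thread: it allowlists the command, restricts username and argument to a safe character set, drops to the target uid and verifies the drop before exec'ing a fixed-path action with a minimal environment. The allowlist, the action directory /opt/rubywrap/actions and the token length limits are assumptions.

```c
/* rubywrap.c: added example, not Brian's code. Assumed usage:
 * rubywrap <username> <command> <arg>, installed setuid root and executable
 * only by the webserver group; allowlist and action directory are hypothetical. */
#define _DEFAULT_SOURCE
#include <ctype.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
static const char *const ALLOWED_COMMANDS[] = { "restart", "logs", NULL };

/* Only short lowercase alphanumeric tokens pass: no shell metacharacters or path parts. */
static int safe_token(const char *s, size_t maxlen) {
    size_t n = strlen(s);
    if (n == 0 || n > maxlen) return 0;
    for (size_t i = 0; i < n; i++)
        if (!islower((unsigned char)s[i]) && !isdigit((unsigned char)s[i])) return 0;
    return 1;
}

/* 1 only when user and arg are safe tokens AND command is on the allowlist. */
int validate_request(const char *user, const char *cmd, const char *arg) {
    if (!safe_token(user, 32) || !safe_token(arg, 64)) return 0;
    for (int i = 0; ALLOWED_COMMANDS[i] != NULL; i++)
        if (strcmp(cmd, ALLOWED_COMMANDS[i]) == 0) return 1;
    return 0;
}

/* Switch permanently to the target account, refusing root; 0 on success, -1 otherwise. */
int drop_to_user(const char *user) {
    struct passwd *pw = getpwnam(user);
    if (pw == NULL || pw->pw_uid == 0) return -1;
    if (setgroups(0, NULL) != 0) return -1;                   /* drop supplementary groups */
    if (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) return -1;
    if (setuid(0) == 0 || getuid() != pw->pw_uid) return -1;  /* confirm root is really gone */
    return 0;
}

int main(int argc, char **argv) {
    if (argc != 4 || !validate_request(argv[1], argv[2], argv[3])) { fputs("rejected\n", stderr); return 1; }
    if (drop_to_user(argv[1]) != 0) { perror("rubywrap: privilege drop"); return 1; }
    char path[256];
    snprintf(path, sizeof path, "/opt/rubywrap/actions/%s", argv[2]);  /* fixed dir, no shell */
    char *const args[] = { path, argv[3], NULL };
    char *const env[] = { "PATH=/usr/bin:/bin", NULL };                  /* minimal environment */
    execve(path, args, env);
    perror("rubywrap: execve");
    return 1;
}
```

Apache suexec additionally enforces a minimum target uid/gid and checks that the script is owned by the target user and not writable by others; those checks are omitted here for brevity.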