How should I set up permission for Rails app?

Currently I set 0777 to all the directories and files.
However, I'm scared of being accessed from others.
Log files and all the controllers, models, views, and the files in config are set to 0777.

In general, how are they supposed to be set?

  • Log files directory and its files
  • controller files
  • model files
  • view files
  • the files in config directory
HUSTEN asked Feb 15 '13 06:02

1 Answer

You should definitely not use 0777 for your file permissions. This more easily exposes you to vulnerabilities.

In general, follow this principle:

  • For folders, use 0755, which equates to rwxr-xr-x. The execute permission allows folder contents to be viewed.

    find /your/rails/dir -type d -exec chmod 755 {} +

  • For executed scripts, also use 0755. This allows anyone to execute the scripts, but not make changes (write) to them.

  • For all other files, use 0644 which equates to rw-r--r--. This allows everyone to read the file, the owner to write to the file, and no one to execute the file. This prevents, among other things, malicious scripts from being uploaded and executed.

    find /your/rails/dir -type f -exec chmod 644 {} +

  • Optionally, you could consider more restrictive permissions on files containing passwords, especially config/database.yml or any files containing passwords for things like mail services (mandrill, sendgrid, postmark), Amazon S3 buckets, or Redis connections. For these files you might use 0600.

In a production environment, your rails app should be running as the same user (not root) that owns all of these files. This is accomplished most easily by using passenger, unicorn, or running a web server such as mongrel or webrick as the local user listening on a port such as localhost:3000, and having Apache or Nginx reverse proxy to localhost:3000.

Benjamin answered Oct 09 '22 18:10

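The policy in the answer above (0755 directories, 0644 files, 0755 for executed scripts, 0600 for credential files, and the app running as the non-root owner) as one runnable script. This is an added example, not code from the answer or from Rails itself. It builds a small constructed Rails-like tree in a temporary directory with the 0777 permissions the question describes, applies the policy with the same `find`/`chmod` pattern the answer uses, and then audits the tree for anything still writable by group or others, or owned by a user other than the one the app is expected to run as. The sample file contents and the `demo` function are assumptions made for illustration; the list of secret files (`config/database.yml`, `config/secrets.yml`, `config/master.key`) is a reasonable default and should be adjusted to whatever files actually hold credentials in your app.

```sh
#!/bin/sh
# Added example (not from the original answer): apply the permission policy
# from the answer to a Rails checkout and audit the result.
set -u

# Build a small constructed Rails-like tree (not a real app) with the unsafe
# 0777 permissions the question describes. Prints the directory path.
make_sample_app() {
  dir=$(mktemp -d)
  mkdir -p "$dir/app/controllers" "$dir/app/models" "$dir/app/views" \
           "$dir/config" "$dir/log" "$dir/bin"
  echo 'class ApplicationController < ActionController::Base; end' \
    > "$dir/app/controllers/application_controller.rb"
  echo 'class User < ApplicationRecord; end' > "$dir/app/models/user.rb"
  echo '<h1>Hello</h1>' > "$dir/app/views/index.html.erb"
  # Constructed placeholder, not a real credential.
  printf 'production:\n  password: placeholder-not-a-real-secret\n' \
    > "$dir/config/database.yml"
  : > "$dir/log/production.log"
  printf '#!/bin/sh\nexec bundle exec rails "$@"\n' > "$dir/bin/rails"
  chmod -R 0777 "$dir"
  echo "$dir"
}

# Apply the policy: 0755 directories, 0644 files, 0755 executed scripts
# under bin/, 0600 for files that hold credentials.
harden_permissions() {
  app="$1"
  find "$app" -type d -exec chmod 755 {} +
  find "$app" -type f -exec chmod 644 {} +
  # Scripts under bin/ are executed, so they keep the execute bit.
  [ -d "$app/bin" ] && find "$app/bin" -type f -exec chmod 755 {} +
  # Credential files: owner read/write only. Extend this list for your app.
  for secret in config/database.yml config/secrets.yml config/master.key; do
    [ -f "$app/$secret" ] && chmod 600 "$app/$secret"
  done
  return 0
}

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%OLp' "$1"
}

# Audit after deployment: report any path writable by group or others
# (octal 020 or 002 set) or not owned by the user the app runs as.
# Returns 1 if anything is reported, 0 if the tree is clean.
audit_permissions() {
  app="$1"
  owner="${2:-$(id -un)}"
  bad=$(find "$app" \( -perm -002 -o -perm -020 \))
  wrong_owner=$(find "$app" ! -user "$owner")
  if [ -n "$bad" ] || [ -n "$wrong_owner" ]; then
    [ -n "$bad" ] && printf 'group/world-writable:\n%s\n' "$bad" >&2
    [ -n "$wrong_owner" ] && printf 'not owned by %s:\n%s\n' "$owner" "$wrong_owner" >&2
    return 1
  fi
  return 0
}

# Demo: build the constructed tree, show the change, audit, and clean up.
demo() {
  app=$(make_sample_app)
  echo "before: user.rb mode $(mode_of "$app/app/models/user.rb")"
  harden_permissions "$app"
  echo "after:  user.rb $(mode_of "$app/app/models/user.rb"), database.yml $(mode_of "$app/config/database.yml"), bin/rails $(mode_of "$app/bin/rails")"
  audit_permissions "$app" && echo "audit: no group/world-writable or mis-owned paths"
  rm -rf "$app"
}
demo
```

To use it on a real checkout, call `harden_permissions /your/rails/dir` as the user that owns the files and that the app server (passenger, unicorn, etc.) runs as, then keep `audit_permissions /your/rails/dir <app-user>` in your deploy checks so a stray `chmod -R 777` is caught before it reaches production.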