[IPython-dev] Running notebook server and kernels as different users

MinRK benjaminrk at gmail.com
Fri Aug 16 15:14:37 EDT 2013


On Fri, Aug 16, 2013 at 12:03 PM, Leo Singer <lsinger at caltech.edu> wrote:

Hello,
>
> I am helping to set up a notebook server as part of the open data
> initiative for LIGO (http://ligo.org/), a physics experiment on which I
> am working as a graduate student. The idea is to have a runnable, on-demand
> tutorial to show users how to retrieve and manipulate our experiment's data.
>
> I have a question about security. We'd like to activate SSL, but since the
> notebook server and the Python kernels run as the same users, I am
> concerned that users would have the ability to read the server's private
> key and then compromise it. Almost as bad, users could send a kill signal
> to the notebook server.
>
> Is there a way to have the notebook server start as one user and then run
> the kernels as another user, to protect the notebook server itself from
> such attacks?
>
 This is not yet supported by IPython, but you could implement it with a
custom KernelManager, though I would not actually recommend doing that. At
this point, the notebook is a fundamentally single-user application, where
the notebook server and kernel are the same user on the same machine. There
are tools like ipydra <https://github.com/UnataInc/ipydra> that spin up a *
server* for each user, which is likely the simplest way to go for now.

-MinRK


> Thanks,
> Leo Singer
> Graduate Student @ LIGO-Caltech
> _______________________________________________
> IPython-dev mailing list
> IPython-dev at scipy.org
> http://mail.scipy.org/mailman/listinfo/ipython-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/ipython-dev/attachments/20130816/c3084fd1/attachment.html>


More information about the IPython-dev mailing list