[IPython-dev] Running notebook server and kernels as different users
benjaminrk at gmail.com
Fri Aug 16 15:14:37 EDT 2013
On Fri, Aug 16, 2013 at 12:03 PM, Leo Singer <lsinger at caltech.edu> wrote:
> I am helping to set up a notebook server as part of the open data
> initiative for LIGO (http://ligo.org/), a physics experiment on which I
> am working as a graduate student. The idea is to have a runnable, on-demand
> tutorial to show users how to retrieve and manipulate our experiment's data.
> I have a question about security. We'd like to activate SSL, but since the
> notebook server and the Python kernels run as the same users, I am
> concerned that users would have the ability to read the server's private
> key and then compromise it. Almost as bad, users could send a kill signal
> to the notebook server.
> Is there a way to have the notebook server start as one user and then run
> the kernels as another user, to protect the notebook server itself from
> such attacks?
This is not yet supported by IPython, but you could implement it with a
custom KernelManager, though I would not actually recommend doing that. At
this point, the notebook is a fundamentally single-user application, where
the notebook server and kernel are the same user on the same machine. There
are tools like ipydra <https://github.com/UnataInc/ipydra> that spin up a *
server* for each user, which is likely the simplest way to go for now.
> Leo Singer
> Graduate Student @ LIGO-Caltech
> IPython-dev mailing list
> IPython-dev at scipy.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the IPython-dev