[IPython-dev] Running notebook server and kernels as different users
Jason Grout
jason-sage at creativetrax.com
Fri Aug 16 15:36:36 EDT 2013
On 8/16/13 2:03 PM, Leo Singer wrote:
> Hello,
>
> I am helping to set up a notebook server as part of the open data
> initiative for LIGO (http://ligo.org/), a physics experiment on which
> I am working as a graduate student. The idea is to have a runnable,
> on-demand tutorial to show users how to retrieve and manipulate our
> experiment's data.
>
> I have a question about security. We'd like to activate SSL, but
> since the notebook server and the Python kernels run as the same
> users, I am concerned that users would have the ability to read the
> server's private key and then compromise it. Almost as bad, users
> could send a kill signal to the notebook server.
>
> Is there a way to have the notebook server start as one user and then
> run the kernels as another user, to protect the notebook server
> itself from such attacks?
>
We do this with the Sage Cell Server [1], which uses the IPython
infrastructure (but not most of the IPython notebook code). We wrote
TrustedKernelManager and UntrustedKernelManager classes that basically
forward all kernel manager requests between the trusted (web server)
account and the untrusted (restricted worker) account over an ssh or
zeromq link.
Feel free to look at the source code, if you like:
https://github.com/sagemath/sagecell
But you can do the SSL part without compromising security. Just run
HAProxy or nginx as a reverse proxy in front of the notebook, and have
your SSL terminate at HAProxy or nginx. Another very common thing is to
set up stunnel in front of your internal unencrypted server. In each of
these situations, the SSL will be decrypted by a reverse proxy running
on your computer, and then connections will be forwarded (unencrypted,
but only locally) on the local computer to the IPython notebook.
Thanks,
Jason
[1] https://sagecell.sagemath.org
More information about the IPython-dev
mailing list