Closed GoogleCodeExporter closed 9 years ago
Added Yiming: we need to verify that the Java AppServer works fine if run as
nobody,
and what steps need to be taken if it doesn't work.
Original comment by shattere...@gmail.com
on 4 Feb 2010 at 10:42
Changing the user to nobody doesn't entirely address this problem: if that user
can
read one user's application then since the same user is used to run all
AppEngine
apps (thus one user can read another user's data but not root's).
Running it as the 'appengine' user results in the same scenario.
Need to add users dynamically and remove them upon termination of an AppScale
instance: they will all be in a shared group that can run dev_appserver but not
read
each other's data.
Original comment by shattere...@gmail.com
on 7 Feb 2010 at 4:08
Fixed for Python SDK, instead of the previous procedure, we have removed access
to
the read and walk functions.
Need to verify that this works also for Java SDK.
Original comment by shattere...@gmail.com
on 9 Feb 2010 at 12:54
We want to allow the AppServer to be able to read/write to the FS for the
MapReduce
API but disallow user apps to do so, which is the case in Python GAE but not
Java GAE.
Changed ownership to Yiming, who is investigating how best to do so for Java
GAE. If
it cannot easily be done, we will disable the Java MapReduce API in order to
disable
all file access by users.
Original comment by shattere...@gmail.com
on 31 Mar 2010 at 6:37
Original comment by shattere...@gmail.com
on 22 Sep 2010 at 4:16
Original issue reported on code.google.com by
shattere...@gmail.com
on 4 Feb 2010 at 8:37