Duju is a Drupal sandbox machine

matt@antinomia's picture

If you're interested in generating Drupal sandboxes at the push of a button, check out the Dojo Duju at [EDIT] http://www.its-coming.com/ http://duju.hopto.org/ (now offline).

What's a Duju? It's a Drupal sandbox that comes preconfigured with several popular modules and was developed with an eye towards being able to collaborate on concepts and demos of Drupal modules in a public venue. This approach uses Drupal's multi-site feature to run all Dujus from the same codebase and creates a way for Duju users to access their specific Duju directory but not those of other Dujus.

There are several security holes in the method. If you can be of assistance in fixing them, that would be awesome!

Please note, the web site [EDIT] www.its-coming.com duju.hopto.org itself is in no way intended to be a permanent enterprise. It is merely demonstrating a proof of concept which needs to be refined. Also, consider it volatile and capable of disappearing at any minute (i.e. don't put anything of value on there).

Comments

So the subdomains are

GiorgosK's picture

So the subdomains are created dynamically by Dojo Duju ?

very nice module.

I was going to ask if this could be used for multihosting like mu.wordpress.com
but then I read your excellent http://www.its-coming.com/node/61 introduction to installing it and realized it's not yet meant for that.

Is this thing going to be done in a more secure way sometime in the future ?
I mean is it possible ?

I sure hope it's possible,

matt@antinomia's picture

I sure hope it's possible, although I don't really know enough about server security in a shared hosting environment. I've identified two key areas where security could be improved upon.

  • The biggest security issue that I see at the moment is that you have to allow the web server sudo access in order to create and jail the users. This means that anybody who can execute PHP code can also do these things, which is not safe. It's a difficult problem from what I understand, with the catch-22 being that in order to implement an automated shared/multi hosting environment, you have to allow the web server access to commands it shouldn't be allowed to use in a shared environment. One solution that I read described a process whereupon the web server creates/appends a text file on the server with the necessary arguments to add the users, etc, and then a script periodically running as the root user looks for new values in that file and reacts accordingly. Even this solution is open to holes (i.e. a shared user knows the location of this file and writes to it, being able to create new dujus), but at least they don't have direct access to the commands. I'd love to hear other possible options!
  • The other major issue is that by using the method described by Alex Schenker here, one can use the web server to read the settings.php file of another web site, and hence be able to access, download, alter, and destroy data that does not belong to them. This seems to be an issue with Drupal multisite hosting in general. Please correct me if I'm wrong! Alex does describe a possible solution for this:
    1. "Only administrators of the multisites should have access to the PHP input format that would enable them to do this in the first place, and never give the owners uid = 1."
    2. "If you need PHP input for users, run each user's php process as fast-cgi and only link their sites subdirectory from the primary installation."
    3. "It's recommended that you use a Virtual Host setup to begin with. You can also set up chrooted Apache environments. A V-host will usually do this for you."

    The purpose of the Duju as it exists is to expose users to a development environment with PHP (i.e. filesystem) access, so obviously #1 is off the table. Users need PHP access. The other two suggestions sound like good options, but again I am no expert. Anybody who knows something about all of this, please do tell. :)

Anyhow, hope the module is helpful!

--
Matt Koglin, Antinomia Solutions
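
The settings.php exposure described in the post above, as an added audit example that is not part of the original thread or the Duju code: it reports which user, group or "other" class can read more than one site's settings.php. The uid/gid values are constructed samples, and the permission model is simplified (no ACLs, root ignored).

```python
import stat
from collections import defaultdict
from pathlib import Path

def readers(uid, gid, mode):
    """Principals whose processes can open the file for reading."""
    who = set()
    if mode & stat.S_IRUSR:
        who.add(("uid", uid))
    if mode & stat.S_IRGRP:
        who.add(("gid", gid))
    if mode & stat.S_IROTH:
        who.add(("other", None))
    return who

def shared_exposure(files):
    """files: (site, uid, gid, mode) tuples, one per settings.php.
    Returns {principal: [sites]} for every principal that can read the
    database credentials of more than one site."""
    by_principal = defaultdict(set)
    for site, uid, gid, mode in files:
        for principal in readers(uid, gid, mode):
            by_principal[principal].add(site)
    return {p: sorted(s) for p, s in by_principal.items() if len(s) > 1}

def scan(drupal_root):
    """Collect the tuples from sites/*/settings.php on a real multisite tree."""
    found = []
    for path in sorted(Path(drupal_root).glob("sites/*/settings.php")):
        st = path.stat()
        found.append((path.parent.name, st.st_uid, st.st_gid,
                      stat.S_IMODE(st.st_mode)))
    return found

# Constructed sample 1: every site served by one web-server account (uid/gid 33),
# so PHP running for any site can read every other site's settings.php.
SHARED = [("alice", 33, 33, 0o440), ("bob", 33, 33, 0o440)]

# Constructed sample 2: one account per site, owner-only read, matching the
# "run each user's php process as fast-cgi" suggestion quoted in the post.
SEPARATED = [("alice", 1001, 1001, 0o400), ("bob", 1002, 1002, 0o400)]
```

An empty result from `shared_exposure(scan("/path/to/drupal"))` means no single account can read two sites' credentials under this model; the path is a placeholder.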

configuration db and cron

greggles's picture

I believe that many systems get around your first problem by having php write into a configuration database and then have a wholly separate cron job that occasionally checks that configuration database for new entries/configurations and performs that configuration using the permissions set on the cron script. So, your web application only writes to the database - it doesn't have the ability to do the sudo nor does it exec() anything.

Does that solve the problem you see?

--
Knaddisons Denver Life | mmm Free Range Burritos
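
The queue-and-cron split described in the comment above, as an added example that is not part of the original thread or the Duju code: the web side can only insert a row, and the privileged side validates each row before building a fixed argument list. The table name, naming policy, reserved list and per-run limit are assumptions made for illustration.

```python
import re
import sqlite3

# Assumed naming policy (not from the thread): short, lowercase, starts with a letter.
NAME_RE = re.compile(r"[a-z][a-z0-9]{2,15}")
RESERVED = {"root", "www", "admin", "default", "all", "mysql"}
SCHEMA = ("CREATE TABLE duju_queue (id INTEGER PRIMARY KEY, name TEXT NOT NULL, "
          "status TEXT NOT NULL DEFAULT 'pending', reason TEXT)")

def enqueue(db, name):
    """Web-server side: the only privilege PHP needs is INSERT on this table."""
    db.execute("INSERT INTO duju_queue (name) VALUES (?)", (name,))

def validate(name, existing):
    """Root side: every queued value is treated as attacker-controlled."""
    if not NAME_RE.fullmatch(name):
        return "invalid characters or length"
    if name in RESERVED:
        return "reserved name"
    if name in existing:
        return "already exists"
    return None

def process_queue(db, existing, max_per_run=5):
    """Cron side: returns argv lists for the caller to run without a shell."""
    commands = []
    rows = db.execute("SELECT id, name FROM duju_queue "
                      "WHERE status='pending' ORDER BY id").fetchall()
    for row_id, name in rows:
        if len(commands) >= max_per_run:
            break  # cap on new accounts per run; the rest stay pending
        reason = validate(name, existing)
        if reason:
            db.execute("UPDATE duju_queue SET status='rejected', reason=? "
                       "WHERE id=?", (reason, row_id))
            continue
        # Fixed argv: the validated name is the only variable element.
        commands.append(["useradd", "-m", "-s", "/usr/sbin/nologin", name])
        existing.add(name)
        db.execute("UPDATE duju_queue SET status='approved' WHERE id=?", (row_id,))
    return commands

def demo():
    """Constructed queue contents, including values a hostile site user might insert."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    for name in ["demo1", "demo1; id", "../default", "root", "demo1"]:
        enqueue(db, name)
    cmds = process_queue(db, existing={"alice"})
    return cmds, db.execute("SELECT name, status FROM duju_queue ORDER BY id").fetchall()
```

Because any site user who can write to the queue can still request sandboxes, the validation and the per-run cap on the root side are what limit the damage, not the secrecy of the queue's location.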

Site back online at duju.hopto.org

matt@antinomia's picture

Nice. Yes, I believe something like this is the standard solution... Take away sudo and exec from the web server and run a cron job as the root user to do these tasks. Now I guess I have to improve my shell scripting skills, unless anybody else could step up to the plate here? I'm happy to share the server info with a compadre developer. ;)

[EDIT] I guess the site has been down for a couple days, and it wasn't working properly at the time it went down. I've fixed it, and it should be working again, but now at http://duju.hopto.org/. Unfortunately in the process I wiped the writeup when deleting all nodes instead of just the Duju nodes :(

--
Matt Koglin, Antinomia Solutions

no worries

greggles's picture

Contact me via email if you can - I tried a while ago and I'm not sure it went through.

Greg

--
Knaddisons Denver Life | mmm Free Range Burritos

paranoia module?

greggles's picture

I just noticed the paranoia module which could be useful to solve "the other problem" - http://drupal.org/project/paranoia

So, the ideas are here to solve them, now to find time to do it...

--
Knaddisons Denver Life | mmm Free Range Burritos

just wanted to point out the

GiorgosK's picture

release of subdomain manager http://drupal.org/project/subdomain_manager
maybe interested parties can look into how the developer is doing things
(maybe in a more secure way)

Once again

best of both worlds

victorkane's picture

Now, this is where we can have our cake and eat it too!

We can have demos and lessons examples running on, say, drupaldojo.org, without that being a fork in any way, since it is so easy to make a little individualized sandbox, which references right back to groups.drupal.org and the community, but allows us to have a practical running code (bows to only god worth mentioning) to back up our tutorials, how-tos, sharing snippets, and documentation.

And, as a plus, we don't need any incipient bureaucracies or voting: if what anyone puts up is worthless, no-one will pay it any attention anyway (we can implement some mechanism like sourceforge uses, to highlight popular and most active sections), and if we can't trust each other (fellow dojos), well then, who can you trust?

Victor Kane (sipping Argentine mate)
http://awebfactory.com.ar

Word on the street is...

gusaus's picture

Word on the street is that this could become a prototype market disruptor for serving up drupal products (aka install profiles and/or distributions). I'd love to hear more about the potential as well as 'kick the tires' a bit.

Great job so far. This site is like buttah!

Gus Austin
Director of Chaos and Confusion
PepperAlley Productions
What am I trying to do with Drupal?

This is great

dmitrig01's picture

If we have multiple teachers per lesson, then we could use the dujus!
Ideas are just bubbling out of my brain as I read between the lines of post and see potential, potential, potential.

What's the secret sauce?

allisterbeharry's picture

Sorry all the nodes on this got trashed - I'd like to see how this works because my SoC project is similar - auto generating Drupal sites for testing. If you share some of the raw code / docs on this in return I'll do a proper documentation set for it.

Checked into CVS

matt@antinomia's picture

I've spent several hours refactoring the code to use install profiles and writing up some brief docs and checked it into my sandbox if anybody is interested: http://cvs.drupal.org/viewcvs/drupal/contributions/sandbox/antinomia/mod...

--
Matt Koglin, Antinomia Solutions

http://duju.hopto.org is no longer available

Evgenij's picture

http://duju.hopto.org is no longer available!