If you're interested in generating Drupal sandboxes at the push of a button, check out the Dojo Duju at [EDIT] http://www.its-coming.com/ http://duju.hopto.org/ (now offline).
What's a Duju? It's a Drupal sandbox that comes preconfigured with several popular modules and was developed with an eye towards being able to collaborate on concepts and demos of Drupal modules in a public venue. This approach uses Drupal's multi-site feature to run all Dujus from the same codebase and creates a way for Duju users to access their specific Duju directory but not those of other Dujus.
There are several security holes in the method. If you can be of assistance in fixing them, that would be awesome!
Please note, the web site [EDIT] www.its-coming.com duju.hopto.org itself is in no way intended to be a permanent enterprise. It is merely demonstrating a proof of concept which needs to be refined. Also, consider it volatile and capable of disappearing at any minute (i.e. don't put anything of value on there).
Comments
So the subdomains are
So the subdomains are created dynamically by Dojo Duju ?
very nice module.
I was going to ask if this could be used for multihosting like mu.wordpress.com
but then I read your excellent http://www.its-coming.com/node/61 introduction to installing it and realized it's not yet meant for that.
Is this thing going to be done in a more secure way sometime in the future ?
I mean is it possible ?
GiorgosK
Web development in Greece
I sure hope it's possible,
I sure hope it's possible, although I don't really know enough about server security in a shared hosting environment. I've identified two key areas where security could be improved upon.
The purpose of the Duju as it exists is to expose users to a development environment with PHP (i.e. filesystem) access, so obviously #1 is off the table. Users need PHP access. The other two suggestions sound like good options, but again I am no expert. Anybody who knows something about all of this, please do tell. :)
Anyhow, hope the module is helpful!
--
Matt Koglin, Antinomia Solutions
configuration db and cron
I believe that many systems get around your first problem by having php write into a configuration database and then have a wholly separate cron job that occasionally checks that configuration database for new entries/configurations and performs that configuration using the permissions set on the cron script. So, your web application only writes to the database - it doesn't have the ability to do the sudo nor does it exec() anything.
Does that solve the problem you see?
--
Knaddisons Denver Life | mmm Free Range Burritos
knaddison blog | Morris Animal Foundation
Site back online at duju.hopto.org
Nice. Yes, I believe something like this is the standard solution... Take away sudo and exec from the web server and run a cron job as the root user to do these tasks. Now I guess I have to improve my shell scripting skills, unless anybody else could step up to the plate here? I'm happy to share the server info with a compadre developer. ;)
[EDIT] I guess the site has been down for a couple days, and it wasn't working properly at the time it went down. I've fixed it, and it should be working again, but now at http://duju.hopto.org/. Unfortunately in the process I wiped the writeup when deleting all nodes instead of just the Duju nodes :(
--
Matt Koglin, Antinomia Solutions
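The queue-and-cron split discussed in the two comments above, as an added example (not code from the Duju module or from either commenter): the web application only inserts rows, and a separately scheduled privileged worker validates each requested name before creating the site directory. The table name, the name rules, the `duju.example` domain and the `<name>.<domain>` directory layout are assumptions.

```python
import os
import re
import sqlite3
import tempfile

# Assumed queue table: the web application's DB user may only INSERT into it.
SCHEMA = """CREATE TABLE duju_requests (
    id INTEGER PRIMARY KEY, name TEXT NOT NULL,
    status TEXT NOT NULL DEFAULT 'pending')"""

# Allowlist: one lowercase DNS label, so no '/', '.', spaces or shell characters.
NAME_RE = re.compile(r"[a-z][a-z0-9-]{1,30}[a-z0-9]")
RESERVED = {"default", "all", "www"}


def process_queue(db, sites_dir, domain="duju.example"):
    """Privileged cron side: handle each pending request, return (name, status)."""
    outcomes = []
    rows = db.execute(
        "SELECT id, name FROM duju_requests WHERE status = 'pending' ORDER BY id"
    ).fetchall()
    for req_id, name in rows:
        status = "rejected"
        if NAME_RE.fullmatch(name) and name not in RESERVED:
            try:
                # Direct syscall: the name never passes through a shell or exec().
                os.mkdir(os.path.join(sites_dir, f"{name}.{domain}"), 0o750)
                status = "done"
            except FileExistsError:
                pass  # never touch a directory that already belongs to a Duju
        db.execute("UPDATE duju_requests SET status = ? WHERE id = ?", (status, req_id))
        outcomes.append((name, status))
    db.commit()
    return outcomes


def demo():
    """Constructed sample rows, as the web application might have queued them."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    names = ["alice", "../../etc/cron.d", "bob; id", "default", "alice"]
    db.executemany("INSERT INTO duju_requests (name) VALUES (?)", [(n,) for n in names])
    with tempfile.TemporaryDirectory() as sites:
        outcomes = process_queue(db, sites)
        created = sorted(os.listdir(sites))
    return outcomes, created


if __name__ == "__main__":
    print(demo())
```

The worker treats every queued row as untrusted input, since anyone who can reach the web form (or compromise the web tier) controls what lands in the table.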
no worries
Contact me via email if you can - I tried a while ago and I'm not sure it went through.
Greg
--
Knaddisons Denver Life | mmm Free Range Burritos
knaddison blog | Morris Animal Foundation
paranoia module?
I just noticed the paranoia module which could be useful to solve "the other problem" - http://drupal.org/project/paranoia
So, the ideas are here to solve them, now to find time to do it...
--
Knaddisons Denver Life | mmm Free Range Burritos
knaddison blog | Morris Animal Foundation
just wanted to point out the
release of subdomain manager http://drupal.org/project/subdomain_manager
maybe interested parties can look into how the developer is doing things
(maybe in a more secure way)
GiorgosK
Web development in Greece
Once again
I bow down to you for creating this fountain of awesomeness.
http://www.chapterthreellc.com | http://www.outlandishjosh.com
https://pantheon.io | http://www.chapterthree.com | https://www.outlandishjosh.com
best of both worlds
Now, this is where we can have our cake and eat it too!
We can have demos and lessons examples running on, say, drupaldojo.org, without that being a fork in any way, since it is so easy to make a little individualized sandbox, which references right back to groups.drupal.org and the community, but allows us to have a practical running code (bows to only god worth mentioning) to back up our tutorials, how-tos, sharing snippets, and documentation.
And, as a plus, we don't need any incipient bureaucracies or voting: if what anyone puts up is worthless, no-one will pay it any attention anyway (we can implement some mechanism like sourceforge uses, to highlight popular and most active sections), and if we can't trust each other (fellow dojos), well then, who can you trust?
Victor Kane (sipping Argentine mate)
http://awebfactory.com.ar
Victor Kane
http://awebfactory.com
Word on the street is...
Word on the street is that this could become a prototype market disruptor for serving up drupal products (aka install profiles and/or distributions). I'd love to hear more about the potential as well as 'kick the tires' a bit.
Great job so far. This site is like buttah!
Gus Austin
Director of Chaos and Confusion
PepperAlley Productions
What am I trying to do with Drupal?
Gus Austin
This is great
If we have multiple teachers per lesson, then we could use the dujus!
Ideas are just bubbling out of my brain as I read between the lines of post and see potential, potential, potential.
What's the secret sauce?
Sorry all the nodes on this got trashed - I'd like to see how this works because my SoC project is similar - auto generating Drupal sites for testing. If you share some of the raw code / docs on this in return I'll do a proper documentation set for it.
Checked into CVS
I've spent several hours refactoring the code to use install profiles and writing up some brief docs and checked it into my sandbox if anybody is interested: http://cvs.drupal.org/viewcvs/drupal/contributions/sandbox/antinomia/mod...
--
Matt Koglin, Antinomia Solutions
http://duju.hopto.org is no longer available
http://duju.hopto.org is no longer available!