From 287a6081eeffcbceb1a52a9886ed3349baf46480 Mon Sep 17 00:00:00 2001 From: Jeff Ohrstrom Date: Wed, 17 Jul 2024 12:11:48 -0400 Subject: [PATCH] add info about disabling apps to customizations (#989) --- source/customizations.rst | 31 +++++++++++++++++++++++++++++++ source/security.rst | 3 ++- 2 files changed, 33 insertions(+), 1 deletion(-) diff --git a/source/customizations.rst b/source/customizations.rst index 51e8329d..dff7e8fd 100644 --- a/source/customizations.rst +++ b/source/customizations.rst @@ -7,6 +7,37 @@ Customizations Check out the :ref:`pun-environment` for an overview of how environment variables can be added. +.. _disabling_applications: + +Disabling applications +---------------------- + +OnDemand is comprised of a few components. Each of which you can disable or limit +access by simply changing the file permissions of the application. + +All the applications OnDemand installs are located in `/var/www/ood/apps/sys`. +So, for example, if you wished to disable the file browser you would simply +change it's directory to 700 so it's unreadable by regular users. + +When this directory is unreadable by regular users, the functionality +it provides will be disabeled. + +.. code-block:: sh + + sudo chmod 700 /var/www/ood/apps/sys/files + +Alternatively, if you wished to limit acess you can do so through group +permissions. For example, if you wanted to limit access to the file browser +to only memebers in the Unix group ``staff``, you would simply apply the +applicable file permission such that anonymous users cannot access the +directory while members of the ``staff`` Unix group can. + +.. code-block:: sh + + sudo chmod 750 /var/www/ood/apps/sys/files + sudo chown root:staff /var/www/ood/apps/sys/files + + Announcements ------------- diff --git a/source/security.rst b/source/security.rst index 902138bf..b225c522 100644 --- a/source/security.rst +++ b/source/security.rst @@ -35,7 +35,8 @@ that some centers may want to change or disable altogether. - **File Access**: OnDemand lets users navigate the file system. While file permissions limit what a user can view and navigate to, some centers may want to limit this even further. One option is to :ref:`set-file-allowlist` to limit what directories users may navigate to. - + Additionally, you may want to disable or limit access to the application. You can do this + through :ref:`disabling_applications`. Conclusion ----------