Skip to content

Commit

Permalink
add info about disabling apps to customizations
Browse files Browse the repository at this point in the history
  • Loading branch information
johrstrom committed Jul 17, 2024
1 parent ab1b45e commit ebc6f5e
Show file tree
Hide file tree
Showing 2 changed files with 33 additions and 1 deletion.
31 changes: 31 additions & 0 deletions source/customizations.rst
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,37 @@ Customizations
Check out the :ref:`pun-environment` for an overview of how environment variables can be
added.

.. _disabling_applications:

Disabling applications
----------------------

OnDemand is comprised of a few components. Each of which you can disable or limit
access by simply changing the file permissions of the application.

All the applications OnDemand installs are located in `/var/www/ood/apps/sys`.
So, for example, if you wished to disable the file browser you would simply
change it's directory to 700 so it's unreadable by regular users.

When this directory is unreadable by regular users, the functionality
it provides will be disabeled.

.. code-block:: sh
sudo chmod 700 /var/www/ood/apps/sys/files
Alternatively, if you wished to limit acess you can do so through group
permissions. For example, if you wanted to limit access to the file browser
to only memebers in the Unix group ``staff``, you would simply apply the
applicable file permission such that anonymous users cannot access the
directory while members of the ``staff`` Unix group can.

.. code-block:: sh
sudo chmod 750 /var/www/ood/apps/sys/files
sudo chown root:staff /var/www/ood/apps/sys/files
Announcements
-------------

Expand Down
3 changes: 2 additions & 1 deletion source/security.rst
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,8 @@ that some centers may want to change or disable altogether.
- **File Access**: OnDemand lets users navigate the file system. While file permissions
limit what a user can view and navigate to, some centers may want to limit this even further.
One option is to :ref:`set-file-allowlist` to limit what directories users may navigate to.

Additionally, you may want to disable or limit access to the application. You can do this
through :ref:`disabling_applications`.

Additional Information
----------------------
Expand Down

0 comments on commit ebc6f5e

Please sign in to comment.