Yes, I confirm that R needs also to be jail root, the necessary set of command is inded significant. But we have not succed to run RSP with this config.
It seems it can not be done.
Is there any particular thing that the admins are concerned that people will do?
Yes, data are very sensitives, users can't share data nor copy data outside or their home directory.
[...] this is not a system where you would expect malicious users...
This is a system where people from the organisation and people outside the organisation will access RStudio.
Regulation authority following french laws want to be sure there will be no data leak.
RStudio Server Pro has code auditing, so they could audit and see what code is being executed.
Thanks, that's interesting. When user is "sourcing" an unsaved script, we can only read the following (not the code that is run)
source('~/.active-rstudio-document')
As a result, in the audit table, column data is empty. I guess a solution is to overwrite source and make sure echo is always set to TRUE. Any other suggestion would be welcome.
That does not trace everything but this is a step forward.
From your answers and questions, I understand system permission is the recommended way to secure the environnement with a centos OS and that chrooting users is not recommended.
Thanks