禁止进入 [英] Restricted Access

问题描述

我正在为python开发一个webIDE，我有2个问题。


1.如何在不删除的情况下禁用某些模块。例如，我希望

禁用os模块。

2.如何强制用户代码只访问他的特定文件夹，我不想在unix中创建用途，例如

fp = open（PATH，''w''）＃如果定义了这个PATH，那么使用可以访问

文件，否则他不能......有什么办法吗？


问候！

iapain

I''m developing a webIDE for python and I''ve 2 questions regarding it.

1. How can i disable some of the modules without deleting. e.g I wish
to disable "os" module.
2. How can i force user code to access only his particular folder, I
dont want to create uses in unix, e.g

fp = open(PATH, ''w'') # If this PATH is defined then use can access
files else he cant .. is there is any way?

Regards!
iapain

推荐答案

1。如何在不删除的情况下禁用某些模块。例如，我希望

1. How can i disable some of the modules without deleting. e.g I wish

来禁用os模块。

to disable "os" module.

如果你准备好接下来的大规模破损，你可以


chmod go-rwx / usr /lib/python2.3/os.*


（假设* nix稍后详述）。

If you''re prepared for the massive breakage that will ensue, you can

chmod go-rwx /usr/lib/python2.3/os.*

(assuming *nix as you later detail).

2。我如何强制用户代码只访问他的特定文件夹，我

不想在unix中创建用途，例如

2. How can i force user code to access only his particular folder, I
dont want to create uses in unix, e.g

嗯，你可以为每个用户创建一个chroot jail，其中包含/usr/{lib/python2.3/,bin/,usr/bin/}目录的

克隆。

你必须包含用户需要的任何其他可执行文件（重要的东西，如ls，cp，mv，mkdir，rmdir，

cvs / ci / co / rcs / svn等）这将确保每个用户都不会访问你没有明确复制到他们的

监狱的任何东西。另一种选择可能只是将python

库复制到用户homedir中的某个地方（无论他们的原始库路径是什么），撤销执行非用户执行privs

来自python可执行文件（" chmod go-x` which python`），然后

将python改为运行类似chroot的脚本

Well, you can create a chroot jail for each user that contains a
clone of your /usr/{lib/python2.3/,bin/,usr/bin/} directories.
You''d have to include any other executables that the user would
need (important stuff like ls, cp, mv, mkdir, rmdir,
cvs/ci/co/rcs/svn, etc) This would ensure that each user doesn''t
access anything that you haven''t explicitly copied in to their
jail. Another alternative might just be to copy the python
libraries to some place in the user''s homedir (whatever their
original library path was), revoke execute non-user execute privs
from the python executable ("chmod go-x `which python`), and then
change python to be a script that runs something like "chroot

HOME / python

HOME/ python

@"。允许每个用户通过sudo访问此脚本。


您可能会尝试一些想法。


-tkc

@". Allow per-user access to this script via sudo.

Just a couple ideas you might try.

-tkc

这篇关于禁止进入的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！