限制python脚本位置 [英] Restrict python script locations

问题描述

我想知道是否有一种方法可以控制允许运行 python 脚本的位置?这样python只允许运行某些位置的脚本.我们正在使用 Windows 域控制器运行 Windows 环境.

I'm wondering if there is a way of controlling from where python scripts are allowed to run? So that only scripts in certain locations are allowed to be run by python. We are running a windows environment with windows domain controllers.

原因是作为在安全要求严格的环境中锁定python的一个步骤.

The reason being as one step of locking down python in an environment with strict security requirements.

推荐答案

给定一组目录，其内容应该被 Python 解释器排除在执行之外 - 也许您可以从每个 Python 脚本中剥离执行访问权限问题，也许使用 访问控制列表) - 见https://docs.microsoft.com/en-us/windows/desktop/secauthz/access-control-lists 了解详情.

Given a set of directories whose contents should be excluded from execution by the Python interpreter - maybe you could strip the execute execute access rights from each of the Python scripts in question, maybe using access control lists) - see https://docs.microsoft.com/en-us/windows/desktop/secauthz/access-control-lists for details.

或者，您可以定义一个列入白名单的目录列表，并修改脚本，以便它们检查它们的物理位置，如果它们不在白名单目录中，则在执行后立即退出.诚然，这不是最可扩展的方法，可能不会成功.

Alternatively, perhaps you define a list of white-listed directories, and modify the scripts such that they check to see where they are physically located, exiting immediately after execution if they are not in a white-listed directory. This is admittedly not the most extensible approach and probably won't fly.

这篇关于限制python脚本位置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！