Create a child process which cannot access any files a level above with Node.JS?

Question

I'm trying to develop a Node.JS Application that allows for users to create their own Node Apps which run as child processes to the main Node.JS app. The issue that I am having is that I do not know how to only give the corresponding child process permission to access and execute files inside it's own folder, eg. I don't want a child process to be able to see the files of another user.

I thought that I may be able to run a child process inside it's own folder, and only allow access to this folder from the enclosed files and the main Node.JS app (parent).

I have no clue as to how I may be able to do this, but I thought that I may be able to do this by using chmod, but I don't know exactly how this works, and I'm not sure how I would be able to only allow access from the parent process and enclosing files, and not from anywhere else?

I have enclosed a diagram of how I would like the data-flow to occur, incase I haven't explained properly:

Many thanks!

Answer 1

You've mentioned chmod in your question, so I assume you're using a *nix-like operating system.

You can use a chroot jail for this. There's an npm module, chroot, which can help. Here's an example from their docs:

Bind a TCP server to a privileged port before dropping privileges.

var net = require('net');
var chroot = require('chroot');

var server = net.createServer();
server.listen(80, function(err) {
  if (err) { throw err; }

  try {
    chroot('/var/empty', 'nobody');
    console.log('changed root to "/var/empty" and user to "nobody"');
  } catch(err) {
    console.error('changing root or user failed', err);
    process.exit(1);
  }
});

The first argument is the location that should be seen as "root" by the child process.