John Lenson

Reputation: 167

NodeJS accessing folders above

I have nodejs running on CentOS 7. What bothers me is that any node app could walk through the whole server, changing any files and writing new ones. How can I block a node app from accessing folders above its own level?

Upvotes: 0

Views: 47

Answers (1)

P Burke

Reputation: 1772

This is not specifically a node.js issue, but more a question about how to secure a server from any form of potentially misbehaving program. A massive subject about which whole books have been written.

But to answer your question: any software, including node.js programs, runs in the context of a process that has a user (uid) and group (gid), and standard operating system facilities: file permissions, Access Control Lists (ACLs), etc., determine what a process with a specific uid and gid can access.

If you believe that the node.js program can access the whole server's file system, that suggests that the process is running as the root user, or at least has superuser (su) privileges, which would be considered bad security practice in almost all circumstances.

So run the node.js program as a user with no access outside of an area of the file system to which it has been explicitly granted the minimal possible access.

This CentOS documentation (https://www.centos.org/docs/5/html/5.1/Deployment_Guide/sec-sel-context-checking-processanduser.html) might help a little if you are new to the subject.

Upvotes: 1
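
A startup check in the spirit of the answer above, as an added example that is not part of the original answer: it reports when the process runs as root or can write to directories outside its own application root. The function names, the `appRoot` parameter and the probe paths are assumptions made for illustration.

```javascript
const fs = require('fs');
const path = require('path');

// Resolve symlinks when the path exists; otherwise fall back to a plain absolute path.
function real(p) {
  try { return fs.realpathSync(p); } catch { return path.resolve(p); }
}

// True when `target` is `root` itself or lies underneath it.
function isInside(root, target) {
  const rel = path.relative(real(root), real(target));
  return rel === '' ||
    (rel !== '..' && !rel.startsWith('..' + path.sep) && !path.isAbsolute(rel));
}

// access(2) answers for the real uid/gid of this process, which is the question here.
function canWrite(p) {
  try { fs.accessSync(p, fs.constants.W_OK); return true; } catch { return false; }
}

// Returns findings; an empty array means these probes detected no problem.
function auditPrivileges({ uid, appRoot, probePaths }) {
  const findings = [];
  if (uid === 0) findings.push('process runs as root (uid 0)');
  for (const p of probePaths) {
    if (!isInside(appRoot, p) && canWrite(p)) {
      findings.push(`writable outside app root: ${p}`);
    }
  }
  return findings;
}

// Typical call at service start (paths are constructed examples):
//   const findings = auditPrivileges({
//     uid: process.getuid(),
//     appRoot: '/srv/myapp',
//     probePaths: ['/etc', '/usr', '/home', '/var/www'],
//   });
//   if (findings.length) { console.error(findings.join('\n')); process.exit(1); }
```

An empty result only covers the paths that were probed; the file permissions and ACLs on the server remain the actual control.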
