Restricted Access
Tim Chase
python.list at tim.thechases.com
Mon Jul 10 17:36:15 EDT 2006
> 1. How can i disable some of the modules without deleting. e.g I wish
> to disable "os" module.
If you're prepared for the massive breakage that will ensue, you can
chmod go-rwx /usr/lib/python2.3/os.*
(assuming *nix as you later detail).
> 2. How can i force user code to access only his particular folder, I
> dont want to create uses in unix, e.g
Well, you can create a chroot jail for each user that contains a
clone of your /usr/{lib/python2.3/,bin/,usr/bin/} directories.
You'd have to include any other executables that the user would
need (important stuff like ls, cp, mv, mkdir, rmdir,
cvs/ci/co/rcs/svn, etc) This would ensure that each user doesn't
access anything that you haven't explicitly copied in to their
jail. Another alternative might just be to copy the python
libraries to some place in the user's homedir (whatever their
original library path was), revoke execute non-user execute privs
from the python executable ("chmod go-x `which python`), and then
change python to be a script that runs something like "chroot
$HOME/ python $@". Allow per-user access to this script via sudo.
Just a couple ideas you might try.
-tkc
More information about the Python-list
mailing list