l have a website that is hosted in linux server, and my root is (/home/MyAccountName). My website allows users to upload there c++/c code, compile, and execute it.
The problem is:
The executed user’s program will have all the owner permissions (read – write -execute).
so if the user’s code is like :
system('cd / && rm -r MyAccountName');
when executing it, all my website files will be removed form the server.
The question is:
how to protect my website files from user’s executed programs, and give it limited permissions.
Note
I have only one user on the linux server (the owner), and i can’t create a new user in the server.
Advertisement
Answer
The standrard solution will be to execute their code in some chroot or even a container. You can modify your website to create an temporary directory, chroot to it and execute users code, so there will be no way for user to interact with your files or other parts of the system. If users code may be linked with some shared libraries, you can give a read only access, it could be done with mount --bind to make some parts of your main filesystem available inside chroot.