Exec node: Block system commands for a particular directory?

Hi,

If a user has access to the editor they can get the source code of any file, list folder structure, and run any system command based on the OS user permissions.

Is there a way to limit commands just for the exec node?
For example: If a user tries to run "ls" in the node-red home directory from the exec node they should get permission denied.

Thanks!

Have a look at the Node-RED configuration docs. You can block access to any nodes. Of course, that means that you can't run it at all.

An alternative would be to run Node-RED under a restricted user ID and rely on Linux's protections.

If you need to be able to run some exec nodes but not let the user have access, run 2 instances of Node-RED and use a TCP or similar pair of nodes to allow them to talk to each other over a restricted API interface you create yourself.

Don't forget that it would be very difficult, I think, to prevent someone who is able to edit a function node from accessing the file system.

Not sure about that. A function node doesn't have access to fs, how would you access the file system?

I can restrict the user from running some system commands from the exec node by setting up Linux user permissions. The part that confuses me is how to do this for the node-red home folder.

Somehow I need to give the node-red process access to read/write files inside the .node-red home folder but restrict the user of the node-red editor from accessing those files using the exec block.

Yes. I suppose you are right, provided the user cannot modify settings.js and no other relevant modules have been added to functionGlobalContext.

It would be necessary to disable installation of additional nodes and also, I guess, to disable the file-out node, and if @ashish-y doesn't want the user to be able to read files then also disable the file-in node.

It is also necessary to protect the admin API, otherwise the user could use http nodes to access that, I think.

Is RED.util.cloneMessage(..) the only RED method accessible from function nodes?

I can't think of a solution for that.

You can restrict access to individual files in Linux if you need to.

But my better suggestion was to run two instances. A secured instance that the user has no access to and a user instance that they do. If you secure access for the user correctly, allowing them access to files in their home folder would simply mean that they could destroy their own stuff but nobody else's.

I guess you could do something similar or possibly even better by using Docker.