GreenBankObservatory / dysh

https://dysh.readthedocs.io

Deny modifying certain directories #199

Open astrofle opened 7 months ago

astrofle commented 7 months ago

One of the requirements is that dysh "must never modify the contents of /home/sdfits/ or /home/archive/. If a user attempts to run scripts which would do so, the software should issue an appropriate error". How can we implement this? Can there be a global check on any write operations to make sure this does not happen? How would we handle external dependencies? For example, if we use astropy download functions, how can we prevent a user from pointing their astropy cache to /home/sdfits?

mpound commented 6 months ago

We can certainly add a check_protected_directories() function in our write methods, but as you note that does prevent third-party abuse.

However: Why does an ordinary user have write permission to /home/sdfits and /home/archive? Shouldn't this be fixed at the source, i.e. in the OS?
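
Added example, not part of the issue thread or dysh's code: one way the `check_protected_directories()` guard mentioned above could look in Python, resolving symlinks and `..` before comparing against the two directories named in the requirement. The signature, the `ProtectedDirectoryError` class and the `safe_open_for_write()` wrapper are assumptions made for illustration.

```python
from pathlib import Path

# Directories named in the requirement quoted in the issue.
PROTECTED_DIRS = (Path("/home/sdfits"), Path("/home/archive"))


class ProtectedDirectoryError(PermissionError):
    """Hypothetical error type: write target lies in a protected tree."""


def check_protected_directories(target, protected=PROTECTED_DIRS):
    """Return the resolved target, or raise if it is inside a protected tree.

    resolve() follows symlinks and collapses '..', so a link in a user's
    working directory that points into a protected tree is caught, and a
    sibling such as /home/sdfitsx is not mistaken for /home/sdfits.
    """
    resolved = Path(target).expanduser().resolve()
    for root in protected:
        root = Path(root).resolve()
        if resolved == root or root in resolved.parents:
            raise ProtectedDirectoryError(
                f"refusing to write to {resolved}: "
                f"inside protected directory {root}"
            )
    return resolved


def safe_open_for_write(target, mode="wb", protected=PROTECTED_DIRS):
    """Hypothetical wrapper a write method could call instead of open()."""
    if not any(c in mode for c in "wax+"):
        raise ValueError("safe_open_for_write is for write modes only")
    # Open the resolved path, not the caller's string, so the file that is
    # opened is the one that was checked.
    return open(check_protected_directories(target, protected), mode)
```

This guard only covers write paths that call it, so writes made by third-party libraries are not checked, and a symlink swapped in between the check and the `open()` is not caught; filesystem permissions on the two directories remain the enforcement point.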