Open astrofle opened 7 months ago
We can certainly add a check_protected_directories() function in our write methods, but as you note that does prevent third-party abuse.
However: Why does an ordinary user have write permission to /home/sdfits and /home/archive? Shouldn't this be fixed at the source, i.e. in the OS?
One of the requirements is that dysh "must never modify the contents of /home/sdfits/ or /home/archive/. If a user attempts to run scripts which would do so, the software should issue an appropriate error". How can we implement this? Can there be a global check on any write operations to make sure this does not happen? How would we handle external dependencies? For example, if we use astropy download functions, how can we prevent a user from pointing their astropy cache to /home/sdfits?
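One way to approach the "global check" asked about above, as an added example that is not dysh code: a path check that resolves symlinks and `..` before comparing, plus a Python audit hook that applies it to every write-mode open, remove, mkdir and rename made through Python's file APIs in the process, including those made by imported libraries. The names `is_protected` and `install_write_guard` are hypothetical; `check_protected_directories` is the name used in the comment above.

```python
import os
import sys

# Directories named in the issue. Function names here are hypothetical.
PROTECTED_DIRS = ("/home/sdfits", "/home/archive")
WRITE_FLAGS = os.O_WRONLY | os.O_RDWR | os.O_CREAT | os.O_TRUNC | os.O_APPEND
# Audit events and how many of their leading arguments are modified paths.
PATH_EVENTS = {"os.remove": 1, "os.rmdir": 1, "os.mkdir": 1, "os.rename": 2}


def is_protected(path, roots=PROTECTED_DIRS):
    """True if path resolves (symlinks, '..', relative parts) into a root."""
    target = os.path.realpath(os.fsdecode(path))
    for root in roots:
        root = os.path.realpath(os.fsdecode(root))
        # Compare whole components so /home/sdfits2 is not matched.
        if target == root or target.startswith(root.rstrip(os.sep) + os.sep):
            return True
    return False


def check_protected_directories(path, roots=PROTECTED_DIRS):
    """Explicit check for the package's own write methods."""
    if is_protected(path, roots):
        raise PermissionError(f"refusing to modify protected path: {path}")


def install_write_guard(roots=PROTECTED_DIRS):
    """Process-wide check on Python-level file operations.

    Audit hooks cannot be removed once added, and they do not see
    subprocesses or native code that calls open(2) directly.
    """
    roots = tuple(roots)

    def hook(event, args):
        if event == "open":
            path, _mode, flags = args
            paths = [path] if isinstance(flags, int) and flags & WRITE_FLAGS else []
        else:
            paths = args[: PATH_EVENTS.get(event, 0)]
        for p in paths:
            if isinstance(p, (str, bytes, os.PathLike)):
                check_protected_directories(p, roots)

    sys.addaudithook(hook)
```

Because the hook cannot cover native libraries or child processes, it complements filesystem permissions on the two directories and does not replace them.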