Skip to content

Limit access to a folder #1251

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
PhaserEditor2D opened this issue Jan 5, 2020 · 8 comments
Closed

Limit access to a folder #1251

PhaserEditor2D opened this issue Jan 5, 2020 · 8 comments
Labels
enhancement Some improvement that isn't a feature

Comments

@PhaserEditor2D
Copy link

It would be great to have a CLI option to limit the access of code-server to a particular folder, so users cannot read or write outside that folder. Something like:

server-code --data-dir $HOME/public-projects
@PhaserEditor2D PhaserEditor2D added the enhancement Some improvement that isn't a feature label Jan 5, 2020
@sr229
Copy link
Contributor

sr229 commented Jan 6, 2020

We don't provide that functionality, but if you're a seasoned Linux veteran or taken Red Hat courses regarding Linux permissions, chmod and chown serves this purpose for you.

@sr229
Copy link
Contributor

sr229 commented Jan 6, 2020

As for preventing the user to invoke cd to the folder, that's something we can't do. Perhaps container-based development workspaces might be your thing?

@PhaserEditor2D
Copy link
Author

Linux permissions, chmod and chown serves this purpose for you.

Yes, it could work for the Terminal. But what about this dialog?

image

Is there a way we can limit it to a particular folder?

Perhaps container-based development workspaces might be your thing?

Yes, I guess it is the most secure solution. Thanks for your quick answer.

@sr229
Copy link
Contributor

sr229 commented Jan 6, 2020

@PhaserEditor2D there's nothing we can solve about that, that's intended by design.

@PhaserEditor2D
Copy link
Author

Thanks anyway!

@joeshub
Copy link

joeshub commented Jun 20, 2020

came here looking for the same thing. Seems weird to give anyone root level access to a server. Has anyone figured out a solution yet?

@nhooyr
Copy link
Contributor

nhooyr commented Jun 22, 2020

@joeshub Run code-server as a different user and only allow that user to edit those files. Or chroot code-server into that directory.

@code-asher code-asher mentioned this issue Jun 29, 2020
Closed
@vahid-neuralinc
Copy link

vahid-neuralinc commented Dec 11, 2021
edited
Loading

I would suggest to:

  1. Install NginX
  2. Run code-server in docker/kubernetes
  3. Portforward from NginX to docker/kube nodeport
  4. Mount a host OS folder into that docker container as working folder

Though it is a workaround.

The original ask or suggestion to expose a parameter to set the root of code server is a fair ask though.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement Some improvement that isn't a feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@joeshub @nhooyr @PhaserEditor2D @sr229 @vahid-neuralinc