Well, it should be no different then with other runtimes, like Rails or maybe a PHP app.
`node` is a binary file, and when you run it, you run it as a certain user. This user can access some files on the system, and is blocked to others. Likewise, other users can access certain files owned by this user, or can be blocked from others. Typical program like any other. If you want to isolate a Node app on a, say, typical linux system, you would run the Node runtime with a separate user, created just for the app. You would protect it's home directory (or wherever the app is served from) so that only that user (and possibly autodeployment etc scripts) can access it. If you want to protect other places on the system, do not let your app user (or node user) access to that folder. But those are simple use cases. Seemingly more complex solution would be if you "dockerize" your app - put it in the docker container. The app is then, well, contained. Permissions are much more restrictive, depending on your setup. And you get other benefits - streamlining deployments, testing etc. The best part of dockerizing a node app is that it's super simple. You learn it in one afternoon, you practice maybe a week and you are good - new skill acquired, new levels of complexity that actually simplifies stuff for you reached, new options open. And it's applicable to more then just node, you can then dockerize other stuff too - database/cashing systems, file systems, nginx and whatnot. Take a look at one of the tutorials available online and see how it goes. On Sunday, January 3, 2016 at 11:53:43 PM UTC+1, AaronNGray wrote: > > Hi, > > A friend asked me a question I was very embarrassed not to be able to > answer. Basically he could not find any information on both deploying > Node.js app in regard to setting file permissions and on protecting > the filing system from Node.js applications. There seems to be no > guides to these matters. > > So I would be interested if there is anything available regarding these > matters. > > Many thanks in advance, > > Aaron > -- Job board: http://jobs.nodejs.org/ New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to nodejs+unsubscr...@googlegroups.com. To post to this group, send email to nodejs@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/8ff133ad-555f-49f8-ae02-7959f486a605%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
