node-jail
This node.js module provides a way to create secure subprocesses. The subprocesses are owned by an existing user (unix only for the moment) with setuid/setgid. Each subprocess is also chrooted into the user's home directory.
Usage
Creation of a subprocess:
    var jail = ;
    var oJail =
        username: 'username' //unix user
        password: 'password' //unix password of the user
        //Optional arguments
        {
            //Callback function triggered when the child process sends a message.
            //args contains all elements sent by the child (so it is user defined).
            //It is recommended to have an args.action which indicates which operation
            //must be handled by this function. eg:
            //  if (args.action == 'log str'){
            //      console.log(args.str);
            //  }else ...
        }
        'jailedsuccessloginargs':
            //These arguments make the subprocess run a specific function.
            action: ''
            // eg.
            // { action: 'file read',
            //   filepath: '/' }
            // This will cause the subprocess to run the 'file read' function.
            // The subprocess function will receive this map as its only argument.
        {
            // callback function triggered when a user successfully logs in.
        }
        {
            // callback function triggered when a user fails to log in.
        }
        {
            // callback triggered just before the subprocess is killed.
        }
        'methodsfile': __dirname + '/methods.js' // Path to the file containing subprocess methods
    ;
Let's focus on the 'methodsfile' parameter. This file contains the functions that a subprocess can use. The methods.js file looks like this:
    var fs = ;
    var methods = {
        fs;
    }
    //etc
    exports.methods = methods; //Always end with this line !
In this example, we have a single function, 'file stat'.
This function is called by the parent process with the following code:
jail;
It is important to note that the jailed function always needs the 'action' parameter in order to know which function the subprocess must use. In this example, when the function has finished, it sends a message to its parent. This message is handled by the callback function defined by the 'cb' parameter.
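The 'cb' callback is the point where messages from the jailed subprocess re-enter the unjailed parent, so the parent should dispatch on `args.action` strictly and validate every field. A sketch of such a callback, added here as an example and not taken from node-jail: `dispatch`, `parentHandlers` and `MAX_LOG` are hypothetical names, and only the 'cb' parameter and the 'log str' action come from the text above.

```javascript
'use strict';

// Hypothetical helper, usable on either side of the parent/child channel:
// looks up msg.action in a handler table and runs it with the whole message.
function dispatch(table, msg) {
  if (msg === null || typeof msg !== 'object' || typeof msg.action !== 'string') {
    return { ok: false, error: 'message has no string action' };
  }
  // Own-property check: names such as 'constructor' or 'toString' are reachable
  // on any plain object through its prototype and must not count as actions.
  if (!Object.prototype.hasOwnProperty.call(table, msg.action) ||
      typeof table[msg.action] !== 'function') {
    return { ok: false, error: 'unknown action' };
  }
  try {
    return { ok: true, value: table[msg.action](msg) };
  } catch (e) {
    return { ok: false, error: 'action failed: ' + e.message };
  }
}

// Parent-side table for the 'cb' callback. Messages come from the jailed
// child, so every field is validated before use.
const MAX_LOG = 200; // constructed limit, not a node-jail setting
const parentHandlers = {
  'log str': (args) => {
    if (typeof args.str !== 'string') throw new TypeError('str must be a string');
    // Replace control characters so a child cannot forge extra log lines.
    return args.str.replace(/[\x00-\x1f\x7f]/g, ' ').slice(0, MAX_LOG);
  },
};

// What a 'cb' function could look like: returns the sanitized line, or null
// when the message is rejected.
function cb(args, log = console.log) {
  const r = dispatch(parentHandlers, args);
  if (!r.ok) return null;
  log(r.value);
  return r.value;
}
```

The same `dispatch` helper fits the subprocess side, with the methods map from methods.js as the table.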