1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-12-26 00:59:24 -05:00

Add permission whitelist docs (#2365)

This commit is contained in:
Daiki Ihara 2019-05-16 23:39:19 +09:00 committed by Ryan Dahl
parent 6679c4807c
commit 9c9c58c84d
2 changed files with 34 additions and 0 deletions

View file

@ -191,6 +191,9 @@ ability to spawn subprocesses.
# run program with permission to read from disk and listen to network
deno run --allow-net --allow-read https://deno.land/std/http/file_server.ts
# run program with permission to read whitelist files from disk and listen to nework
deno run --allow-net --allow-read=$(pwd) https://deno.land/std/http/file_server.ts
# run program with all permissions
deno run -A https://deno.land/std/http/file_server.ts
",

View file

@ -357,6 +357,37 @@ And if you ever want to upgrade to the latest published version:
$ file_server --reload
```
### Permissions whitelist
deno also provides permissions whitelist.
This is an example to restrict File system access by whitelist.
```shellsession
$ deno run --allow-read=/usr https://deno.land/std/examples/cat.ts /etc/passwd
⚠️ Deno requests read access to "/etc/passwd". Grant? [a/y/n/d (a = allow always, y = allow once, n = deny once, d = deny always)]
```
You can grant read permission under `/etc` dir
```shellsession
$ deno run --allow-read=/etc https://deno.land/std/examples/cat.ts /etc/passwd
```
`--allow-write` works same as `--allow-read`.
This is an example to restrict host.
```ts
(async () => {
const result = await fetch("https://deno.land/std/examples/echo_server.ts");
})();
```
```shellsession
$ deno run --allow-net=deno.land allow-net-whitelist-example.ts
```
### Run subprocess
[API Reference](https://deno.land/typedoc/index.html#run)