Hacker News new | ask | show | jobs
by immibis 161 days ago
Probably because Linux doesn't really have a good model for ad-hoc permission restrictions. It has enough bits to make a Docker container out of, but that's a full new system. You can't really restrict a subprocess to only write files under this directory.
1 comments
newsoftheday 161 days ago
For plain Linux, chmod, chmod's sticky bit and setfacl provide extensive ad hoc permissions restricting. Your comment is 4 hours old, I'm surprised I'm the first person to help correct its inaccuracy.
link
immibis 160 days ago
How can those be used to restrict a certain subprocess to only write in a certain directory?
link
godelski 160 days ago
chown
link
immibis 159 days ago
how?
link
godelski 159 days ago
chgrp claude someDirectory
link
immibis 159 days ago
This doesn't meet the requirement. It doesn't restrict a certain subprocess to only write in a certain directory. You are just saying these things to quickly shut down the uncomfortable thought that Linux can't do something.
link