Limit file system access

Hello,

I need to limit file system access only to our user home directory. I have searched this site for answers and I found that I should rebind FileSystem in my extension and then I can limit file system access.

So I did the following:

export default new ContainerModule(bind, unbind, isBound, rebind) => {
bind(FilesystemContribution).toSelf();
rebind(FileSystem).to(FilesystemContribution);});

@injectable
export class FilesystemContribution extends FileSystem {

//here I am not sure what to override and how can I limit it here to have access only to home directory of the user
}

Thank you for helping me.

Hi @cutie,

you can override the access method of the FileSystem class to achieve what you’re looking for:

Note that this only limits the access to files from the frontend, such as displaying file content in an editor. There are many other ways users might access the file system in unintended ways, most notably the terminal. Limiting access to files via the terminal is not possible through Theia, but instead has to be resolved by actually limiting user permissions.

Hi @msujew,

I need to limit an access of the file system on the backend side of the application. Which means, probably it will be somewhere in the @theia/filesystem/src/node/disk-file-system-provider

Sure you can override the appropriate methods in the DiskFileSystemProvider as well. Note that this still leaves open other ways of interacting with the (unprotected) file system via Terminal or vscode extensions.