it's em!
it's em!7mo ago

Drop permissions

I'd like to harden my deno app a bit, but specifying permissions manually gets repetitive. Is there a way for me to run with -A, parse my configs, and then drop all permissions I don't need before loading the rest of the app? Ex. the configuration will contain a database path, so I should keep the r/w permissions for that, but not any other files.
2 Replies
marvinh.
marvinh.7mo ago
No, reversing already given permissions in the same process is not possible. you can limit the read + write permissions to certain files by passing a file path, see https://docs.deno.com/runtime/manual/basics/permissions
cknight
cknight7mo ago
You can also setup a deno task in your deno.json and specify specific permissions there. E.g. in your deno.json you have:
{
"tasks": {
"start": "deno run --allow-read=./config.json,./my.db --allow-write=./my.db mod.ts",
},
}
{
"tasks": {
"start": "deno run --allow-read=./config.json,./my.db --allow-write=./my.db mod.ts",
},
}
Then on the command line you can just do:
deno task start
deno task start