it's em!
it's em!8mo ago

Drop permissions

I'd like to harden my deno app a bit, but specifying permissions manually gets repetitive. Is there a way for me to run with -A, parse my configs, and then drop all permissions I don't need before loading the rest of the app? Ex. the configuration will contain a database path, so I should keep the r/w permissions for that, but not any other files.
2 Replies
marvinh.
marvinh.8mo ago
No, reversing already given permissions in the same process is not possible. you can limit the read + write permissions to certain files by passing a file path, see https://docs.deno.com/runtime/manual/basics/permissions
cknight
cknight8mo ago
You can also setup a deno task in your deno.json and specify specific permissions there. E.g. in your deno.json you have: 
{
  "tasks": {
     "start": "deno run --allow-read=./config.json,./my.db --allow-write=./my.db mod.ts",
   },
}
{
  "tasks": {
     "start": "deno run --allow-read=./config.json,./my.db --allow-write=./my.db mod.ts",
   },
}
Then on the command line you can just do: 
deno task start
deno task start