This is a read-only snapshot of the ComputerCraft forums, taken in April 2020.

Restrict movement to one folder

Started by FuuuAInfiniteLoop(F.A.I.L), 06 February 2013 - 09:04 AM
FuuuAInfiniteLoop(F.A.I.L) #1
Posted 06 February 2013 - 10:04 AM
How can I forbid the movement out of a folder?

ex:

1/bla
2/blaa/blaaaa
1/bla/bla
3/bla/bla

where 1, 2 and 3 are the folders where their contents can go out.

I think that I will modify the fs API but I don't know what to put in these modifications.

Any help will be appreciated
Djerun #2
Posted 06 February 2013 - 10:25 AM
are you trying to restrict a program from accessing files outside a folder or users using the computers console?
tesla1889 #3
Posted 06 February 2013 - 02:10 PM
i think he's trying to make his own "read-only" folder

the way to do this is to set up a proxy function that will check if the base folder is that read-only folder


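-- keep a reference to the original function
local open = fs.open
fs.open = function(path, mode)
  -- shell.resolve returns a normalized path without a leading "/"
  path = shell.resolve(path)
  -- match the folder itself and anything below it
  if path == "1" or string.sub(path, 1, 2) == "1/" then
    error("fs.open: restricted directory")
  end
  return open(path, mode)
end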
Djerun #4
Posted 06 February 2013 - 04:43 PM
that would work unless another user can access the terminal, then it would probably be better to create the file system on a rednet connected non-accessible computer that prepends in this case "/1/", "/2/" or "/3/" to any path-parameter or non-whitelisted command sent by the user on the client computer. e.g.:

user 1 only has access to /userfiles/1/
user 2 only has access to /userfiles/2/
etc

on the client computer has an altered network-shell (which overloads the fs api with ones that get a local copy of the file from the server when opening a file and sending it back when closing it again while working on the local copy internally still uses the previously saved old api - which can't do any harm but destroying the client which can be easily restored with a setup disk)

the server ideally requires the user to authenticate himself and when user 1 wants to access "/fileA" the server removes leading "/" then prepends "/userfiles/1/" before reading the file and sending it back to the client

if the server should also be able to run programs server side one could have a whitelist of system programs to run (and stuff like lua should not be on it) while self written programs would need to be sandboxed as well by treating anything the program refers to as "/" as "/userfiles/1" (for user 1) and all printing functions would instead need to be overloaded with functions sending the information via rednet to the client which on the other hand (for interactive programs) would have to send relevant os events to the server (keystrokes mostly)

it definitely is more work this way but otherwise a user with access to the computer can get around it. if you implement startup scripts that modify all relevant globals to restrict accessing lua as well as launching self written programs one could still use a disk with a startup script to undo your changes. and if you really find a way to exterminate every possibility for a user to access files outside that folder you won't be able to change anything on that computer from within the game (if you had an admin login the password would be the weak point) which is fine as long as you are in singleplayer (where you don't need this) or have access to the files stored on the server

another possibility which is less useful would be to use advanced monitors and computers to utilize the monitor's touch capability to control the computer using a pointer-only-gui without having access to the computer itself but for that one would need to make at least the monitor adjacent to the computer unbreakable and embed the computer in other unbreakable blocks (well if you did the server thing and it was really important you would also need unbreakable blocks surrounding the server)


in case you just want a program to not access files outside a certain folder you could just either (if it's your program and no one is able to change it) prepend the folders path to every received path or (if you're running foreign code) overload the fs api like shown above (as long as that foreign code isn't designed to break free of your constraints)

or if you'd like to do something entirely different we didn't think of you might post it so we could think more problem specific
tesla1889 #5
Posted 06 February 2013 - 04:45 PM
the problem with rednet servers is MC server lag
theoriginalbit #6
Posted 06 February 2013 - 04:50 PM
that would work unless another user can access the terminal, then it would probably be better to create the file system on a rednet connected non-accessible computer that prepends in this case "/1/", "/2/" or "/3/" to any path-parameter or non-whitelisted command sent by the user on the client computer.

TL;DR the rest beyond that. But no, if it's the startup program and it overwrites the system functions then even the terminal/shell would have those affected too meaning any restrictions put on the file system would work, just don't use things such as a throw-back error or it will quit the shell.
Djerun #7
Posted 09 February 2013 - 10:59 AM
when I have a computer with a startup script that prints "computer" and a disk with a startup script that prints "disk" and I boot the computer with the disk in an adjacent diskdrive only "disk" will get printed, meaning the disk startup script could delete/rename the computer's startup script and render it useless

as long as ppl can access the computer they can attach a disk drive unless the computer has only one side accessible and the computer itself and its surrounding blocks are unbreakable due to a block protection while the chunk with the computer is never unloaded and the server never reboots or a block protection plugin prevents the computer from being broken as well as the disk drive from being placed
theoriginalbit #8
Posted 09 February 2013 - 12:49 PM
when I have a computer with a startup script that prints "computer" and a disk with a startup script that prints "disk" and I boot the computer with the disk in an adjacent diskdrive only "disk" will get printed, meaning the disk startup script could delete/rename the computer's startup script and render it useless

as long as ppl can access the computer they can attach a disk drive unless the computer has only one side accessible and the computer itself and its surrounding blocks are unbreakable due to a block protection while the chunk with the computer is never unloaded and the server never reboots or a block protection plugin prevents the computer from being broken as well as the disk drive from being placed
So then you put your own inaccessible disk drive on the top… it's the first drive position checked…
tesla1889 #9
Posted 09 February 2013 - 01:07 PM
it's kinda unfortunate that it's the top though. setting it as left or right first is much more realistic.

unless it has to do with some MC number system for the sides of blocks.
theoriginalbit #10
Posted 09 February 2013 - 01:34 PM
it's kinda unfortunate that it's the top though. setting it as left or right first is much more realistic.

unless it has to do with some MC number system for the sides of blocks.
Yeh if memory serves when messing around with modding side 1 is the top…
tesla1889 #11
Posted 09 February 2013 - 01:56 PM
–snip–
Yeh if memory serves when messing around with modding side 1 is the top…

ah. that'd be side 0 though, right?

makes sense for most purposes in MC
theoriginalbit #12
Posted 09 February 2013 - 02:15 PM
-snip-

ah. that'd be side 0 though, right?

makes sense for most purposes in MC
Nah if memory serves it was sides 1-6, not 0-5 (could be wrong or have changed, last modding I did was 1.2.5)
But pretty sure it was top, north, south, east, west, bottom… For the order…
Djerun #13
Posted 11 February 2013 - 11:10 AM
So then you put your own inaccessible disk drive on the top… it's the first drive position checked…
which again requires the computer to be unbreakable
FuuuAInfiniteLoop(F.A.I.L) #14
Posted 11 February 2013 - 11:13 AM
I'm trying to make partitions so only special programs can access outside the partition
Djerun #15
Posted 11 February 2013 - 01:01 PM
in that case and if you are not worried about others "hacking" your computer you should save the necessary fs functions somewhere only known to your special programs and then overload the originals so all other programs work with these
PixelToast #16
Posted 11 February 2013 - 01:58 PM
/folder/../1
not sure if CC supports ..
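
An added example (not code from any poster in this thread): a chroot-style wrapper that follows the suggestion in #15 of keeping the original fs functions private, and checks the resolved path against an allowed root so the `..` case raised in #16 is covered. `makeJail` and the `userfiles/1` root are hypothetical names, and the code assumes it runs from the computer's own startup script.

```lua
-- Added example: chroot-style confinement for the ComputerCraft fs API.
-- makeJail and the "userfiles/1" root are hypothetical names.
local function makeJail(root)
  local real = {}                       -- untouched originals, kept private
  for name, fn in pairs(fs) do real[name] = fn end
  root = real.combine("", root)         -- normalized, no leading "/"

  -- Map a caller-supplied path into the jail, or raise an error.
  local function confine(path)
    -- combine() collapses "." and ".." segments, so "a/../../2/x"
    -- is checked in its resolved form, not as typed.
    local resolved = real.combine(root, path)
    if resolved ~= root and resolved:sub(1, #root + 1) ~= root .. "/" then
      error("fs: path escapes " .. root, 3)
    end
    return resolved
  end

  -- Every path-taking function is wrapped; one left out is a way around.
  local onePath = { "list", "exists", "isDir", "isReadOnly", "getDrive",
                    "getSize", "getFreeSpace", "makeDir", "delete", "open" }
  local twoPath = { "move", "copy" }

  for _, name in ipairs(onePath) do
    local fn = real[name]
    if fn then                          -- skip functions this version lacks
      fs[name] = function(path, ...) return fn(confine(path), ...) end
    end
  end
  for _, name in ipairs(twoPath) do
    local fn = real[name]
    if fn then
      fs[name] = function(from, to) return fn(confine(from), confine(to)) end
    end
  end
  return real   -- hand this table only to the trusted programs
end

-- Programs started after this line see "userfiles/1" as "/".
local realFs = makeJail("userfiles/1")
```

The check is an allowlist on the resolved path, so a request such as `../2/secret` resolves to `userfiles/2/secret` and is rejected. It only binds code that starts after the wrapper is installed; the disk startup script discussed earlier in the thread runs before it.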