Run python script with reduced permissions
Question:
I have to run some student-made code that they made as homework, I’m running this on my own computer (Mac OS), and I’m not entirely certain they won’t accidentally “rm -rf /” my machine. Is there an easy way to run their python scripts with reduced permissions, so that e.g. they can access only a certain directory? Is PyPy the way to go?
Answers:
You could use a chroot environment. In this setup, the script can’t access any files outside the chroot jail.
Create a new user account “student”. Run your students’ scripts as “student”. Worst case, the script will destroy this special user account. If this happens, just delete user “student” and start over.
Nowadays, a simple way would be to run student code inside a docker container. You just mount the volume with the code and use an image with python.
e.g. assuming /tmp/student_code contains student submissions:
docker run -it --mount type=bind,source=/tmp/student_code,target=/student_code python /bin/bash
you are dropped into a new bash session and can run python /student_code/script1.py
I have to run some student-made code that they made as homework, I’m running this on my own computer (Mac OS), and I’m not entirely certain they won’t accidentally “rm -rf /” my machine. Is there an easy way to run their python scripts with reduced permissions, so that e.g. they can access only a certain directory? Is PyPy the way to go?
You could use a chroot environment. In this setup, the script can’t access any files outside the chroot jail.
Create a new user account “student”. Run your students’ scripts as “student”. Worst case, the script will destroy this special user account. If this happens, just delete user “student” and start over.
Nowadays, a simple way would be to run student code inside a docker container. You just mount the volume with the code and use an image with python.
e.g. assuming /tmp/student_code contains student submissions:
docker run -it --mount type=bind,source=/tmp/student_code,target=/student_code python /bin/bash
you are dropped into a new bash session and can run python /student_code/script1.py