Node - Prevent child process from going in to parent directory

Question

I am spawning a process from my node server, that is in /tmp/running/username (it is a node process uploaded by the user)

how do I prevent it from reading (or knowing of the existence of) anything other than /tmp/running/username?

I can spawn the process in any required way.

Answer 1

You could spawn the process as an argument for chroot, which will change the root directory for your process:

spawn('chroot', ['/tmp/running/username', 'yourprocess', 'arg1', ...]);

An alternative would be to use the chroot function from the node-posix module (but to prevent the Node process from which you spawn your external program from being chrooted as well, you may need to fork first and call chroot from the child process).