Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Prevent the user from accessing or modifying other users’ repositories or folders. #7299

Unanswered
Rockstarravo asked this question in Q&A
Discussion options

Currently, users have the ability to access or modify repositories and folders that belong to other users. To ensure proper security and data privacy, we need to implement restrictions that prevent users from reading or writing to repositories or folders that do not belong to them.

1.	Users should only be able to access their own repositories and folders.
2.	Users should not have read or write permissions for other users’ repositories or folders.
3.	Implement necessary access control measures to enforce these restrictions.
4.	Ensure that admin users retain necessary access privileges as required.

Please assist to me on above enforcement
You must be logged in to vote

Replies: 1 comment 3 replies

Comment options

The only way to achieve this right now is to launch a separate code-server process for each user. You can either use permissions to restrict the file access, or you can use separate containers. You could use something like https://github.com/coder/coder to achieve this.
You must be logged in to vote
3 replies
Comment options

This approach may not be feasible, considering we work with over 200 team members. Assigning a separate instance to each user would be a significant undertaking. Are there any alternative solutions we could explore?"
Comment options

Not that I am aware of, fundamentally code-server is meant to run as a single-user process.

It would be technically possible to rewrite code-server and VS Code to support multiple users, but I think this would be quite a big undertaking, and it would never be as secure as using containers (not to mention things like port conflicts).

If it helps, there are folks that use coder/coder with well over 200 developers, although I am not sure what their costs look like. Depends on the exact architecture chosen, I imagine.
Comment options

Are there any alternative solutions we could explore?

Containerised Juypter, i.e. JupyterHub + b-data's/my Jupyter Lab docker stacks (which include code-server).
🔬 Check out the reference deployment [using GitHub authentication] at https://demo.jupyter.b-data.ch/.

i️ Jupyter (JupyerHub + JupyterLab) is well established in the Data Science community.

(Test locally: docker run --rm -p 8888:8888 -ti glcr.b-data.ch/jupyterlab/python/base:3.12)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet

AltStyle によって変換されたページ (->オリジナル) /