On Mon, Feb 20, 2012 at 06:17:23PM +0100, li...@mwoywod.de wrote: > Hi! I'm deploying R behind a web-app on a linux-server and I don't want > to grant the users shell access through the system() function for > security reasons. > > Is there any safe way to deny a user access to the function?
Hi. Disabling system() is not sufficient. The user may call directly .Internal(system(, )) Other dangerous things may be opening connections with write access or manipulation with files. In particular, pipe() can also run a command. It could be better to run R under a user name with restricted permissions. Petr Savicky. ______________________________________________ R-help@r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-help PLEASE do read the posting guide http://www.R-project.org/posting-guide.html and provide commented, minimal, self-contained, reproducible code.
