From 61dcd86bcfd368a5b5e68a2eb634040e1fdc5749 Mon Sep 17 00:00:00 2001 From: RafaelGSS Date: Thu, 8 Aug 2024 11:41:59 -0300 Subject: [PATCH 1/2] doc: explicitly mention node:fs module restriction --- doc/api/permissions.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/doc/api/permissions.md b/doc/api/permissions.md index d41c94d74f676d..7888f45e42a204 100644 --- a/doc/api/permissions.md +++ b/doc/api/permissions.md @@ -529,6 +529,11 @@ process.permission.has('fs.read', '/home/rafaelgss/protected-folder'); // false #### File System Permissions +The Permission Model by default restricts access to `node:fs` module. +It doesn't guarantee users won't be able to write to the disk. +For instance, `node:sqlite` allows users to use +a file-based database. + To allow access to the file system, use the [`--allow-fs-read`][] and [`--allow-fs-write`][] flags: From d882db1ebae93c489bf162445b3f92835a68b75d Mon Sep 17 00:00:00 2001 From: Rafael Gonzaga Date: Thu, 8 Aug 2024 13:15:02 -0300 Subject: [PATCH 2/2] Update doc/api/permissions.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Tobias Nießen --- doc/api/permissions.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/doc/api/permissions.md b/doc/api/permissions.md index 7888f45e42a204..8bd0492bcd623a 100644 --- a/doc/api/permissions.md +++ b/doc/api/permissions.md @@ -529,10 +529,9 @@ process.permission.has('fs.read', '/home/rafaelgss/protected-folder'); // false #### File System Permissions -The Permission Model by default restricts access to `node:fs` module. -It doesn't guarantee users won't be able to write to the disk. -For instance, `node:sqlite` allows users to use -a file-based database. +The Permission Model, by default, restricts access to the file system through the `node:fs` module. +It does not guarantee that users will not be able to access the file system through other means, +such as through the `node:sqlite` module. To allow access to the file system, use the [`--allow-fs-read`][] and [`--allow-fs-write`][] flags: