I’m looking at how to use IPFS for multiple users on a single Linux system.
The users might not be real people, some may simply be processes running with different user accounts.
A single IPFS daemon would run on the system and content required by any of the users would be pooled in a single data directory. This would avoid keeping duplicate copies of any object.
As far as I can tell, if a single IPFS daemon runs with FUSE, any user can read things from /ipfs so that part of the problem, read access, is already solved.
Every user who wants to publish things with ipfs add
needs to have write access to the data directory. This runs the risk that a user could break something in that directory. Is there any more fine-grained way to control access to IPFS in such an environment, so that users can run ipfs
commands without having direct write access to the data storage?
I could think of ways to make a wrapper script for passing files to the daemon through a queue directory if there isn’t already a built-in solution.