Landdown: Simple Sandboxing for Shell Scripts (git.sr.ht)
2 points by fanf2 12 hours ago | 2 comments
bruck_ 11 hours ago

This is a really nice idea. The shebang-based approach makes it feel way more natural than wrapping everything in a separate command.

I like that it forces you to explicitly think about what a script actually needs (files, network, etc.). Most shell scripts run with way more access than they should.

Feels like a good middle ground between “no isolation” and heavier tools like bubblewrap or firejail.

verdverm 11 hours ago

Stuff like this ignores all of the tooling we have for this already, like users, groups, and permissions.

That first example, it's a no-op for regular users, they can't write those, use chmod/chown instead.

What you don't see is that this sort of thing, permissions within the scripts, is (1) easy to change, (2) hard to maintain.