An idea while fiddling with code, thought I’d mention it here in case it’s useful.
Right now the user can access any RPC call for their zcashd node, either through zcash-cli or with anything else they run (i.e. a script, third-party code, etc.).
LND uses macaroons that can restrict access to ‘read’, ‘write’ or ‘admin’, which gives a way to restrict access to commands that spend funds. Macaroons are hard to work with (or in other words, I haven’t figured out how to do that with Perl - yet).
My suggestion is to add ‘disablefeature’ items to zcashd.conf; this would allow the user to set up their node as ‘read only’. By controlling access in this way no third-party code would be affected, as it could still use the RPC server.
There’s a precedent, as the user can already enable experimental features, so the opposite of that would work nicely - root ownership & correct permissions on zcash.conf provide the rest.
Edit:
This assumes the third-party code is not running as the same user that owns the wallet (access to keys, etc.), but that could be addressed by encrypting or locking the wallet.
The goal is only to allow a ‘different system user’ to use the RPC server in a controlled way.
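To make the proposal concrete, here is an added example (not code from the post or from zcashd) of how a ‘disablefeature’ policy could be enforced in front of the RPC server: it reads hypothetical disablefeature= lines from a zcash.conf-style file, maps each feature name to the zcashd RPC methods it would block, and checks an incoming JSON-RPC body, including batch requests, against that block list. The feature names and the feature-to-method mapping are assumptions for the example; the RPC method names themselves are real zcashd methods.

```python
import json

# Hypothetical mapping from a disablefeature value to the zcashd RPC methods it
# blocks. The feature names are assumptions for this example; the method names
# are real zcashd RPC methods. Grouping by feature mirrors the proposal: the
# user disables a capability, not a list of individual method names.
FEATURE_METHODS = {
    "spend": {"sendtoaddress", "sendmany", "z_sendmany",
              "z_shieldcoinbase", "z_mergetoaddress"},
    "keyexport": {"dumpprivkey", "dumpwallet", "z_exportkey",
                  "z_exportwallet", "z_exportviewingkey"},
    "keyimport": {"importprivkey", "importwallet", "z_importkey",
                  "z_importwallet", "z_importviewingkey"},
    "stop": {"stop"},
}


def parse_disabled_features(conf_text):
    """Collect feature names from disablefeature=<name> lines in conf text."""
    disabled = set()
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing '#' comments
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "disablefeature" and value:
            disabled.add(value)
    return disabled


def blocked_methods(disabled):
    """Expand disabled feature names into the set of RPC methods to reject.
    An unknown feature name is an error rather than silently ignored, so a
    typo in the config cannot leave the node less restricted than intended."""
    unknown = disabled - FEATURE_METHODS.keys()
    if unknown:
        raise ValueError(f"unknown disablefeature value(s): {sorted(unknown)}")
    return set().union(*(FEATURE_METHODS[f] for f in disabled))


def rpc_request_allowed(body, blocked):
    """Return True only if every call in a JSON-RPC request body is permitted.
    A batch request (a JSON array of calls) is checked call by call, so a
    blocked method cannot ride alongside harmless ones; malformed or empty
    bodies are rejected rather than passed through to the node."""
    try:
        payload = json.loads(body)
    except json.JSONDecodeError:
        return False
    calls = payload if isinstance(payload, list) else [payload]
    if not calls:
        return False
    for call in calls:
        if not isinstance(call, dict):
            return False
        method = call.get("method")
        if not isinstance(method, str) or method in blocked:
            return False
    return True
```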