[Zope-dev] Re: Problem in ZGadflyDA/__init__.py
Jim Fulton
jim@digicool.com
Tue, 11 Apr 2000 12:39:36 -0400
Gregor Hoffleit wrote:
>
> There's a small but sometimes fatal problem in ZGadflyDA/__init__.py:
>
> __init__.py currently checks for the presence of a gadfly directory in
> Zope's var directory, and creates it if it's not yet there:
>
> j=os.path.join
> d=j(j(INSTANCE_HOME,'var'),'gadfly')
> if not os.path.exists(d):
> os.mkdir(d)
> os.mkdir(j(d,'demo'))
>
> Now if you start up z2.py as root, since __init__.py is called *before*
> z2.py tries to setuid/setgid, the gadfly directory will be created with
> the
> original uid and gid, i.e. root.
>
> Depending on the umask, this leaves the Zope process with insufficient
> permissions to access the gadfly directory.
>
> The suggested change is easy: Similar code is already in
> ZGadflyDA/db.py, so
> it should be safe to remove the lines above from ZGadflyDA/__init__.py.
Thanks. I've checked this in.
BTW, it would be better to submit suggestions like this
into the Collector, http://classic.zope.org:8080/Collector,
as bugs or features with patches.
Jim
--
Jim Fulton mailto:jim@digicool.com Python Powered!
Technical Director (888) 344-4332 http://www.python.org
Digital Creations http://www.digicool.com http://www.zope.org
Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email
address may not be added to any commercial mail list with out my
permission. Violation of my privacy with advertising or SPAM will
result in a suit for a MINIMUM of $500 damages/incident, $1500 for
repeats.