[ZWeb] Zope.org feedback: UNIX Zope security patches

Martijn Pieters mj@zope.com
Thu, 24 Jan 2002 16:56:02 -0500


Hi Julio,

You have reached the maintainers of the Zope.org website; but I gather that
you ment to reach Matt Behrens instead. You can reach the author of a page
(like Matt) by using the "Feedback to this page's author" instead next time.
I have taken the liberty of forwarding your message to Matt for you.

Hope this helps!

On Thu, Jan 24, 2002 at 04:25:13PM -0500, Julio Silva wrote:
> Hi Matt,
>=20
> I'm not a unix permissions guru, far from that but I have
> a question for you:
>=20
> I agree on NOT running zope with nobody and instead use
> a dedicated user, for instance, zope.
>=20
> Now regarding all the other subjects your Zope UNIX security patch addres=
ses namely the ones related to the
> read/write access to some files in var like the ones
> that are created when a zodb pack is made and the z2.pid:
> Isnt more simple to, for instance, install zope in
> /usr/local/zope and give this directory "zope" the following
> permissions:
>=20
> drwxrwx---    5 zope     zope         1024 Jan 11 20:34 zope
>=20
> I think this solves all problems related to other users
> access to z2.pid, Data.fs.old, etc files.
>=20
> But then again unix security is not my zen.
>=20
> Thanx for any comments,
> J=FAlio Silva
>=20
> ----------------------------------------------------------
> This email was generated from the Zope.org feedback form
> It was invoked from a link on http://www.zope.org/Members/zigg/UnixSecuri=
tyPatch
>=20
>=20
> _______________________________________________
> Zope-web maillist  -  Zope-web@zope.org
> http://lists.zope.org/mailman/listinfo/zope-web

--=20
Martijn Pieters
| Software Engineer  mailto:mj@zope.com
| Zope Corporation   http://www.zope.com/
| Creators of Zope   http://www.zope.org/
---------------------------------------------