[Zope] Filesystem Permissions for a Zope Install

Dylan Reinhardt zope@dylanreinhardt.com
21 May 2003 22:54:22 -0700


The generic answer to this question is to give each daemon its own
user.  This way, if one is compromised, the extent of the damage is
(hopefully) limited.  It may also be easier to audit / detect the
results of an exploit.  

It's tough to know how much difference this actually makes, but it's a
typical best practice.

Dylan


On Wed, 2003-05-21 at 08:41, Edward Pollard wrote:
> >> However, the only immediate alternative seems to be to add Apache to
> >> the "Zopeadmins" group we have, but that has read-write, and letting
> >> Apache have write is a potential security hazard.
> >
> > Apache needs access to the port Zope is running on and nothing else.
> > Really, they don't even have to be on the same machine...  or the same
> > OS, for that matter.
> >
> > Unless you're doing something *highly* unusual, Apache needs exactly
> > *zero* access to Zope files.
> 
> We turned off world read and instantly got an error. This brought me 
> great consternation in light of this advice.
> 
> Further investigation reveals that we had set up the Zope process to 
> run under the Apache user. Duh.
> 
> This is probably poor form, and undoubtedly the cause of my error. 
> Would it be wise to create a new unprivileged user for Zope processes, or 
> is it just fine to cram Apache into the Zopeadmins group?
> 
> This is probably getting academic, but I'd love some opinions on the 
> subject.
> 
> Edward
> 
> 
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://mail.zope.org/mailman/listinfo/zope
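
The advice in this thread (one account per daemon, and no web-server access to Zope files) can be checked against an existing install. The following is an added example, not part of the original messages: it lists every file or directory under a tree that a given account can read or write through owner, group or world permission bits. The account name and path in the usage comment are placeholders, and only classic mode bits are considered, not ACLs.

```python
import os
import stat

def access_bits(mode, file_uid, file_gid, uid, gids):
    """rwx bits (0-7) the mode grants to a user: owner, else group, else other."""
    if uid == file_uid:
        return (mode >> 6) & 7
    if file_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def describe(bits):
    return "".join(c for c, b in zip("rwx", (4, 2, 1)) if bits & b)

def audit_tree(root, uid, gids):
    """List (path, access) for entries under root the user can read or write.

    Only classic mode bits are checked; POSIX ACLs and root's override are not.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode says nothing about access
            bits = access_bits(st.st_mode, st.st_uid, st.st_gid, uid, gids)
            if bits & 6:  # read or write
                findings.append((path, describe(bits)))
    return findings

if __name__ == "__main__":
    import pwd
    import sys
    # Usage (names are placeholders): audit.py /path/to/zope/instance apache
    root, user = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    hits = audit_tree(root, pw.pw_uid, gids)
    for path, access in hits:
        print(f"{access:3} {path}")
    sys.exit(1 if hits else 0)
```

An empty result for the web server's account corresponds to the "exactly zero access" state described in the thread; hits marked `rw` are what adding that account to a read-write admin group would produce.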