interaction with local FS
Hi everyone,

I'm curious to find out how Zope interacts with the server's file system: let's say I want to allow the users of my site to manage (read/write) their own files on the server's file system, does Zope support this goal anyhow? As far as I've seen, to me the response seems to be no, it doesn't!

The only way to access the server's file system from Zope seems to be using the ExternalFile product, which is far from satisfactory from the point of view of file access rights: it only allows access to files owned by Zope itself (or in the same group as Zope's).

No way to access 'someuser''s files with the uid of 'someuser'?

Thanks,
Mario.
On Tuesday, January 28, 2003, at 01:24 AM, Mario Bianchi wrote:

This thread probably belongs in the main Zope mailing list.

LocalFS will let you map a local directory into Zope. AdaptableStorage probably will too, but it will be harder to set up at the moment.
No way to access 'someuser''s files with the uid of 'someuser'?
To do this, you would need to run Zope (or any other multi-user application for that matter, such as Apache) as a superuser. Which you really don't want to do.

The only other possible way of doing this would be to start a new process for every request which changes its euid (using a SUID root wrapper), authenticates itself, and does what you want to the FileSystem. People generally gave up on this approach for web systems about a decade ago due to it being a performance nightmare, which is why nothing does this out of the box.

A better approach can come from becoming more familiar with your OS's group membership features. Under many Unix variants, for example, you can set up a group 'zopedocs', and add your users as members of this group. Also add the user the Zope server runs as to this group. Set up the local directories so that they are group writable, and group ownership propagates to newly created files:

    mkdir ~/ZopeDocs
    chgrp zopedocs ~/ZopeDocs
    chmod g+rwxs ~/ZopeDocs

Make sure files that get created in this folder are group readable (at a minimum) if created from the shell either through chmod or setting the umask. Set the Zope server's umask to what you want (probably 002 - group writable, world readable) so when a file is created via Zope, it is modifiable by members of the ZopeDocs group.

If you need to make sure users can't modify or access each other's documents, you need to do the same thing but with a different unique group for each user (and the Zope user a member of all of them).

These steps can of course be scripted and even added to the account creation procedures to make things quicker or automatic, but you need to write the script as it embodies your own security policy which is probably different to everyone else's.

--
Stuart Bishop <zen@shangri-la.dropbear.id.au>
http://shangri-la.dropbear.id.au/
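The shared-directory setup described in the reply above, as an added shell example that is not part of the original thread: `setup_shared_dir` wraps the three commands from the mail, and `audit_shared_dir` (a hypothetical helper name) reports a missing setgid bit and files that a restrictive umask has left unreadable to the group. The directory and group are supplied by the caller; the group must already exist.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# setup_shared_dir DIR GROUP: the mkdir/chgrp/chmod sequence from the mail.
setup_shared_dir() {
    mkdir -p "$1" && chgrp "$2" "$1" && chmod g+rwxs "$1"
}

# audit_shared_dir DIR GROUP: print one line per problem found.
# Returns 0 when clean, 1 when there are findings, 2 on usage errors.
audit_shared_dir() {
    dir=$1 group=$2 findings=0
    report() { echo "$1"; findings=$((findings + 1)); }

    [ -d "$dir" ] || { echo "not a directory: $dir"; return 2; }

    # Without setgid, new files keep the creator's primary group.
    [ -g "$dir" ] || report "setgid bit missing on $dir"
    [ -n "$(find "$dir" -prune -perm -070)" ] || report "group lacks rwx on $dir"
    [ -n "$(find "$dir" -prune -group "$group")" ] || report "$dir not in group $group"

    # Files with the wrong group, or created under a umask that strips
    # group read (e.g. 077), lock out the other members and the Zope user.
    list=$(mktemp) || return 2
    find "$dir" -type f \( ! -group "$group" -o ! -perm -040 \) > "$list"
    while IFS= read -r f; do
        report "not readable by group $group: $f"
    done < "$list"
    rm -f "$list"

    [ "$findings" -eq 0 ]
}
```

For the per-user variant in the reply, run the audit once per user directory with that user's own group.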