Lennart Regebro wrote:

I get this message when starting Zope 2.5.1b1 on Windows 98:

No you didn't, you got it on the trunk. I just double-checked. My big security patch was never checked in on the 2.5 branch.

2002-03-18T19:32:15 INFO(0) z2 Your umask of 000 may be too permissive; for the security of your Zope data, it is recommended you use 077

That's rather silly on Windows 98. :-)

I agree. I noticed this over the weekend and am testing a few more scenarios. I mistakenly assumed that os.umask wouldn't exist on non-POSIX systems, so the try: block would cover it. But instead, os.umask says 0.

A couple of questions: - Should that really be 077? That means that the owner can't read the files, but that "other" can! How can that be less permissive? 770 would make sense to me. I usually run z2.py with -u zope, and have zope own the files, and letting nobody else do scrap with them, 700, in other words. WHy would 077 be better?

First, if you don't start the number with 0, it's not octal. Second, you are confusing umasks with modes. When you create a file on UNIX its modes are 0666 & umask, directory 0777 & umask. Thus, creating a file with umask 077 results in mode 0600 (read/write only for owner). The default UNIX umask is 022, which results in a Data.fs that is readable by all. You can twiddle permissions on it, sure, but it'll turn up readable by all again when you pack the database.

- Is it silly to check for Windows? What happens on Windows NT, does that emulate umask somehow, or do you get 000 there too?

Yes, but it's not silly to check for os.name == 'posix', which I will fix on my own time later, prob. tonight.