IIRC, we abandoned the practice of Zope running as System Account in favor of running as a specific user "zope", because we would have had to give System Account extra privileges to access remote file systems and ODBC connections. That would have been a security flaw (hacking Zope's machine would give you access to the remote resources as well). How did you face that decision, or did we take a wrong turn there? This'll be good fodder for your Zope-on-Windows FAQ/HowTo. How that going? -- Loren
-----Original Message----- From: Andy McKay [mailto:andym@ActiveState.com] Sent: Tuesday, April 17, 2001 10:57 To: Loren Stafford; zope@zope.org Subject: Re: [Zope] Zope service network permissions on NT
I run my Zope as "Local System account" and havent had a problem with reboots. I connect to ODBC databases on other boxes... Dunno about NFS Maestro.
Cheers. -- Andy McKay.
----- Original Message ----- From: "Loren Stafford" <lstafford@morphics.com> To: <zope@zope.org> Sent: Tuesday, April 17, 2001 10:30 AM Subject: [Zope] Zope service network permissions on NT
When my NT box restarts after a power failure (we have lots of these in California these days), my Zope loses its ability to talk to some of the other hosts on the LAN.
I have Zope running as a service on NT 4. The Zope service runs as user "zope". My Zope talks to other hosts on the LAN via:
1. NT filesystem (thru LocalFS product). No problem here. The links to the other fileservers are specified in UNC format (e.g. \\phoneserver\phonelist.txt). And the user "zope" has the requisite permissions on all the filesystem drives used.
2. ODBC connections to databases on other hosts. The ODBC driver forces you to specify connections in terms of drive mappings (e.g. f:\phonelist.mdb). But after startup, when no one is logged in, there is no active user profile containing drive mappings. Therefore, the ODBC connections are broken.
3. NFS Maestro mounts. The Maestro driver also forces you to specify connections in terms of drive mappings -- with the same problems as #2.
Does anyone know how to configure NT, Zope, or the Zope service so that connection types #2 and #3 don't break when no one is logged in.
-- Thanks -- Loren
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )