hi again, Let me clarify what I am doing and what is my approach till now. We have a portal using which users use our compute resources. In zope we use NIS authentication for validating a user.We have many things that requires root/logged in user privledeges.One example is of a 'file system explorer'.In this I have used ZFSpath product.This explorer is used by users to navigate through their home areas and select what ever file they want.As of now I have changed some functions of ZFSpath class which I was using so that they can be executed as the logged in user(since zope does not have rwx permissions on other user's directory).This is just one case.Hope I have cleared myself well. On Wed, Apr 9, 2008 at 11:44 PM, Dieter Maurer <dieter@handshake.de> wrote:
rishi pathak wrote at 2008-4-8 18:03 +0530:
I dont have a need to run all the external method as root,
only
some of them.
I did understand this *BUT* you do not have a choice.
While a single ExternalMethod runs as "root", the complete Zope process runs as root -- and this applies to all requests which are run in parallel with your ExternalMethod.
Please reread my former message.
If you have touble to understand the terms "thread" and/or "process", consult Wikipedia to get some insight.
... On Tue, Apr 8, 2008 at 12:50 AM, Dieter Maurer <dieter@handshake.de> wrote:
rishi pathak wrote at 2008-4-7 17:46 +0530:
There is a requirement for running some external methods as super user. For this I thought of adding a new parameter.If set the code would be executed with effective uid of root.
This is extremely dangerous.
To run code as super user, you need to change the effective user id. Changing the effective user id affects the whole process -- not just the thread executing your external method. These things are very difficult to handle in a multi threaded environment, in general. Moreover, running internet driven code uncontrolled as super user is likely to be a big security risk.
Let your application write some command to a queue and process the queue asynchronously. The processing can be performed as super user.
If this is not possible, let your application communicate with another process which runs as super user -- and pass on synchronous commands from your application to this process.
In both cases, it is ensured that only the restricted command set can be used to run something as super user -- and not some arbitrary code....
-- Dieter
-- Regards-- Rishi Pathak