On Thu, Mar 20, 2003 at 03:52:45PM -0500, Meehan, Francois wrote:
Hi all,
I want to implement localfs to give users remote access to their home directories. I want to create a localfs object per user. How can I secure this, so a given user can only see his own stuff and prevent the others for accessing it?
Are roles the answers?
I'd use the "Owner" role. Set the permissions on each user's stuff so that Owner can do the necessary stuff, and make that user the owner. But there's another problem. Do you mean "home directory" as in /home/some_user on unix? That's risky. The zope process runs as a user - the userr that starts the process - and in order to read things in different directories under /home you'd have to make them all readable (and, if you want to be able to add stuff to each LocalFS, writeable!) by that one user. Making it writable is bad. If a malicious user were to gain managment privileges of your zope, they would then have read/write access to ANY user's home directory! -- Paul Winkler http://www.slinkp.com Look! Up in the sky! It's ANTI GOD! (random hero from isometric.spaceninja.com)