Assuming /opt/zope is the Zope installation directory...
This is bad advice. At most, make var/ and the files in it owned by nobody.nobody, so that the Zope process can write there.
Zope executables and Python programs should not be writeable by the process executing off them. A bug or a security vulnerability (IOW, a bug with security implications) may permit an intruder to write to inituser/access or do other nasty stuff TTW, if the Zope process can write to those files.
thanks for the warning, though our sysadmin was not even aware of it (and he is the most paranoid person i know!). so, let's take a general /opt/zope directory, where you will have. drwxr-xr-x 4 nobody nobody Extensions drwxrwxr-x 4 nobody nobody ZServer -rwxr-xr-x 1 nobody nobody Zope.cgi -rw------- 1 nobody nobody access -rw-r--r-- 1 nobody nobody custom_zodb.py -rw-r--r-- 1 nobody nobody custom_zodb.pyc drwxrwxr-x 3 nobody nobody doc -rw-r--r-- 1 nobody nobody event.log drwxrwxr-x 2 nobody nobody import drwxrwxr-x 2 nobody nobody inst drwxrwxr-x 4 nobody nobody lib drwxrwxr-x 7 nobody nobody pcgi -rwx--x--x 1 nobody nobody start -rwx--x--x 1 nobody nobody stop drwxrwxr-x 2 nobody nobody utilities drwxrwxr-x 2 nobody nobody var -rw-r--r-- 1 nobody nobody w_pcgi.py -rw-r--r-- 1 nobody nobody w_pcgi.pyc -rw-r--r-- 1 nobody nobody wo_pcgi.py -rw-r--r-- 1 nobody nobody wo_pcgi.pyc -rw-r--r-- 1 nobody nobody z2.py -rw-r--r-- 1 nobody nobody z2.pyc -rw-r--r-- 1 nobody nobody zProcessManager.pid -rw-r--r-- 1 nobody nobody zpasswd.py -rw-r--r-- 1 nobody nobody zpasswd.pyc what should be owned as nobody.nobody; and who should the owner/group of the other be? i've been advising people about the owner/group based on what i understood from other literature, and i want to make sure that the advice is not creating a trap-door for crackers and other bad guys to get in. ciao! greg. Gregory Haley DBA/Web Programmer. Venaca, LLC.