Yeah, this is an advantage... in this case, I could just run it as myself. But isn't this a security risk? If anyone gets my password, they get full access to the server. If zope is running under user 'zope' who is not allowed to log in, you'd need to manage to become root to do any damage - which is the same as when zope is running under nobody. That's what I imagined people are doing - using a user who does not log in. marc lindahl wrote:
Then you can log on as that user, it makes upgrading via FPT and SSH/telnet so easy! All the permissions are set correctly.
From: Itai Tavor <itai@optusnet.com.au> Date: Thu, 3 May 2001 09:16:00 +1000 To: zope@zope.org Subject: [Zope] Run Zope under nobody or real user?
Hi,
Can anyone explain the advantages (if any) of running Zope under a real user instead of under nobody?
TIA, Itai -- -- Itai Tavor -- "Je sautille, donc je suis." -- itai@optusnet.com.au -- - Kermit the Frog -- -- 'Supposing a tree fell down, Pooh, when we were underneath it?' -- -- 'Supposing it didn't,' said Pooh after careful thought. --