Who does LocalFS access the actual directorys on the file system as? Whoever zope is runnin as? So if it's root it has root access?
Zope never starts as root. It either runs as a dedicated user (-u option in the start script) or as nobody. In both cases, LocalFS ist still really dangerous if not handled with care. Any user who is allowed to add LocalFS instances can access any file the Zope user has permissions for. That means that even "nobody" can be a problem if your Apache webserver runs as nobody, too. The only way to make the use of LocalFS more or less secure is running Zope as a dedicated user that can only write-access the var directory in the Zope instance and read the rest of the Zope instance, but has no other rights on the machine. Cheers Joachim