hi,
Who does LocalFS access the actual directories on the file system as? Whoever zope is running as? So if it's root it has root access?
Thanks, jason.
-- ...................... ..... Jason C. Leach ..
Hi, Jason.
I don't know 100% which user hits the filesystem through LocalFS, but I'd assume it's whatever user is running Zope. You can change it using "-u username" in the start script in your Zope directory (of course, where "username" is substituted with a safe user choice on your part). You probably don't want Zope running as root anyway... since you don't have to be using LocalFS for things to go out into the filesystem (e.g., external methods).
-Gary
"Jason C. Leach" wrote:
hi,
Who does LocalFS access the actual directories on the file system as? Whoever zope is running as? So if it's root it has root access?
Thanks, jason.
-- ...................... ..... Jason C. Leach ..
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
-- Gary Perez, (insert job title of choice) Mktg. Coord. + MIS Mgr. + Sys. Admin. Advanced Simulation Technology, inc. http://www.asti-usa.com/
Who does LocalFS access the actual directories on the file system as? Whoever zope is running as? So if it's root it has root access?
Last I checked it was the Zope user or whatever username (with password) you gave it. (Or is that only for Windows networking stuff?) Btw, I *highly* suggest nobody even think of running Zope as root. In fact I think that if it is run as 'root', it'll knock itself back to 'nobody'.
--jcc (terribly insecure)
Who does LocalFS access the actual directories on the file system as? Whoever zope is running as? So if it's root it has root access?
Zope never starts as root. It either runs as a dedicated user (-u option in the start script) or as nobody. In both cases, LocalFS is still really dangerous if not handled with care. Any user who is allowed to add LocalFS instances can access any file the Zope user has permissions for. That means that even "nobody" can be a problem if your Apache webserver runs as nobody, too.
The only way to make the use of LocalFS more or less secure is running Zope as a dedicated user that can only write-access the var directory in the Zope instance and read the rest of the Zope instance, but has no other rights on the machine.
Cheers
Joachim
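Added example, not part of the original thread or of Zope/LocalFS: a Python check for the setup described in the message above, listing everything under a Zope instance directory that a given uid could write outside `var`. It evaluates classic Unix mode bits only (ACLs and capabilities are ignored), and the function names and the `allowed` default are assumptions made for this example.

```python
import os
import stat


def can_write(st, uid, gids):
    """Unix mode-bit write check for (uid, gids); ACLs are not considered."""
    if uid == 0:
        return True  # root bypasses mode bits entirely
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def writable_outside_var(instance_home, uid, gids, allowed=("var",)):
    """Return sorted relative paths under instance_home that uid can write,
    skipping the subdirectories named in `allowed` (assumed: only var)."""
    allowed_roots = {os.path.join(instance_home, a) for a in allowed}
    findings = []
    for root, dirs, files in os.walk(instance_home):
        # Do not descend into the directories the Zope user may write.
        dirs[:] = [d for d in dirs if os.path.join(root, d) not in allowed_roots]
        for path in [root] + [os.path.join(root, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits carry no meaning
            if can_write(st, uid, gids):
                findings.append(os.path.relpath(path, instance_home))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python check_zope_user.py /path/to/instance zopeuser
    import pwd
    import sys

    user = pwd.getpwnam(sys.argv[2])
    groups = set(os.getgrouplist(user.pw_name, user.pw_gid))
    for rel in writable_outside_var(sys.argv[1], user.pw_uid, groups):
        print("writable outside var:", rel)
```

An empty result means the user can write nothing outside `var` as far as mode bits go; any path listed is something a LocalFS instance or external method running as that user could modify.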
On Wed, 1 Aug 2001, Joachim Werner wrote:
Zope never starts as root. It either runs as a dedicated user (-u option in the start script)
z2.py -u root :)
Oleg.
---- Oleg Broytmann http://www.zope.org/Members/phd/ phd@phd.pp.ru
Programmers don't die, they just GOSUB without RETURN.
participants (5): Gary Perez, J. Cameron Cooper, Jason C. Leach, Joachim Werner, Oleg Broytmann