[Zope-dev] Problem in ZGadflyDA/__init__.py

Gregor Hoffleit flight@hoffleit.de
Mon, 10 Apr 2000 19:54:10 +0200


--W/nzBZO5zC0uMSeA
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable

There's a small but sometimes fatal problem in ZGadflyDA/__init__.py:

__init__.py currently checks for the presence of a gadfly directory in
Zope's var directory, and creates it if it's not yet there:

  j=3Dos.path.join
  d=3Dj(j(INSTANCE_HOME,'var'),'gadfly')
  if not os.path.exists(d):
      os.mkdir(d)
      os.mkdir(j(d,'demo'))

Now if you start up z2.py as root, since __init__.py is called *before*
z2.py tries to setuid/setgid, the gadfly directory will be created with the
original uid and gid, i.e. root.

Depending on the umask, this leaves the Zope process with insufficient
permissions to access the gadfly directory.

The suggested change is easy: Similar code is already in ZGadflyDA/db.py, so
it should be safe to remove the lines above from ZGadflyDA/__init__.py.

    Gregor
   =20

--W/nzBZO5zC0uMSeA
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE48hVB3eVfDf25G40RAaiSAJ98ee1+pl2VxmsqwfTU/nvJ0L3iqACeNnfh
S7fw0edNlG0mgI95z/IVduo=
=CUp6
-----END PGP SIGNATURE-----

--W/nzBZO5zC0uMSeA--