[Zope-dev] zope and UNIX permissions

Chris McDonough chrism@digicool.com
Tue, 11 Jul 2000 22:56:21 -0400


Bill Anderson wrote:
> He seemed to be mostly griping about files that were wide open (777). On
> 2.2.0b4 the only ones I get are:
> lrwxrwxrwx    1 root     root 13 Jul 11 01:36 lib/python/ZEO/cPickle.so
> -> ../cPickle.so
> lrwxrwxrwx    1 root     root 13 Jul 11 01:36 lib/python/ZServer ->
> ../../ZServer
> srwxrwxrwx    1 root     root 0 Jul 11 02:08 var/pcgi.soc
> 
> Notes:
> o All but one of these are symbolic links.
>   No way around 777 on them.
>   No cause for alarm on them either.
> o The two symlinks are from ZEO, and thus would
>   not be in a default tarball.
>
> Now, I do *nix security for a living, and I don't have any issues with
> these few, unexposed 777's. I'd be interested to hear what the concerns
> are, and how to avoid them.

The other file (pcgi.soc) is a unix domain socket...  it gets created
when you run "python w_pcgi" as a Zope install command from the source
distribution.  I'm not sure of the danger of having this get created
777.  It might be worthwhile to look into what could be done to it.
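
An added example, not part of the original message or of Zope: a Python audit that lists world-writable entries using lstat, so symlinks are reported as links rather than as their targets, and that shows a Unix domain socket's file mode being 0777 masked by the umask in force at bind() time. The directory tree, the file names and the helper names are constructed for illustration, and Linux behaviour is assumed.

```python
import os
import socket
import stat
import tempfile

def world_writable(root):
    """Return sorted (path, kind, mode) for entries with the other-write bit set."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow symlinks
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: inspect the link itself, not its target
            if not st.st_mode & stat.S_IWOTH:
                continue
            if stat.S_ISLNK(st.st_mode):
                kind = "symlink"  # Linux always reports 777 on the link itself
            elif stat.S_ISSOCK(st.st_mode):
                kind = "socket"
            else:
                kind = "other"
            findings.append((path, kind, stat.S_IMODE(st.st_mode)))
    return sorted(findings)

def bind_socket(path, umask):
    """Bind a Unix domain socket; on Linux its file mode is 0777 masked by umask."""
    old = os.umask(umask)
    try:
        sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        sock.bind(path)
    finally:
        os.umask(old)  # restore the caller's umask whatever happens
    return sock

def demo():
    """Constructed tree: a symlink, a socket bound wide open, a socket bound private."""
    with tempfile.TemporaryDirectory() as root:
        var = os.path.join(root, "var")
        os.mkdir(var, 0o755)
        os.symlink("var", os.path.join(root, "link"))
        socks = [bind_socket(os.path.join(var, "open.soc"), 0o000),
                 bind_socket(os.path.join(var, "private.soc"), 0o077)]
        try:
            return [(os.path.relpath(p, root), k, m) for p, k, m in world_writable(root)]
        finally:
            for s in socks:
                s.close()

if __name__ == "__main__":
    for path, kind, mode in demo():
        print(f"{oct(mode)} {kind:8} {path}")
```

The socket bound under umask 077 ends up mode 700 and does not appear in the report; the one bound under umask 000 is listed as 777 alongside the symlink.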