[Zope-dev] Opinions wanted: clean installation (was distribution)

Toby Dickenson tdickenson@geminidataloggers.com
Tue, 6 Nov 2001 13:45:04 -0000


> -----Original Message-----
> From: Behrens Matt - Grand Rapids [mailto:Matt.Behrens@Kohler.Com]
> Sent: 06 November 2001 13:12
> To: tdickenson@geminidataloggers.com
> Cc: Matt Behrens; zope-dev@zope.org
> Subject: Re: [Zope-dev] Opinions wanted: clean installation (was
> distribution)
> 
> 
> Toby Dickenson wrote:
> 
> > Do you really want products and extensions in VARDIR? To me they feel
> > more like configuration, and less like data.
> > 
> > My preference:
> > 
> > XXX/etc/zope/INSTANCE/Products    : containing symlinks to
> > XXX/lib/zope/AllZopeProducts      : containing products
> > 
> > My second preference:
> > 
> > XXX/lib/zope/INSTANCE/Products    : containing products
> > 
> > But I really don't like:
> > 
> > XXX/var/zope/INSTANCE/Products    : containing products
> 
> 
> I think the biggest problem with this setup is that installation of 
> additional products should be able to be done without permission to 
> modify the base installation.

I don't think this is a problem, because of a complication that I haven't told
you about yet.

I actually use two user accounts per instance, called "myinstance" and
"myinstancemaster". Zope runs under the "myinstance" user account, and that
user can only write to the equivalent of VARDIR. Any installation changes
are performed under "myinstancemaster". 

The "myinstancemaster" user can write to the equivalent of
XXX/etc/zope/INSTANCE for his own instance, where he can create symlinks to
common products, symlinks to his own products, or indeed create whole
product directories for things that will never be shared between different
instances.

I also allow the instancemaster to choose which version of Zope to use, with
a symlink in the equivalent of the XXX/etc/zope/INSTANCE directory.


> There is work afoot to make products 
> installable TTW, too, so the running user must have permission to 
> install his own products for this to work properly.

That is a very bad idea from a security point of view, for the same reason
that we don't allow TTW editing of external methods.

For the same reason, I do not allow the "myinstance" user (the user of the
zope process) to write to the Extensions directory where external methods
are stored.

> Given this, VARDIR is really the only hierarchy we can count on to be 
> writable at all (BINDIR/LIBDIR should be writable only at OS-level 
> package installation time, and ETCDIR can be locked down by the sysadmin 
> for normal operation).

That's true if ETCDIR==/etc and LIBDIR==/lib, but I had been assuming that
was unlikely. Had you not?

Indeed, I don't think that works in your proposal. Zope needs to write
inituser while it is running, if that file is ever to be of use. I also
think it's unlikely we would want to lock the 'access' file so tightly.

As for VARDIR==/var.... well, maybe.
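
The two-account arrangement described in the message above can be checked mechanically. The following is an added example, not part of the original message or of Zope: it walks an instance's Products and Extensions directories, follows symlinks into a shared product tree, and lists anything the process account could modify according to the mode bits. The product names in demo() and the uid standing in for "myinstance" are constructed.

```python
import os
import stat
import tempfile

def writable_by(st, uid, gids):
    """Do the mode bits grant write access to uid/gids? (ACLs and root are ignored.)"""
    bit = (stat.S_IWUSR if st.st_uid == uid else
           stat.S_IWGRP if st.st_gid in gids else stat.S_IWOTH)
    return bool(st.st_mode & bit)

def audit_code_dirs(code_dirs, uid, gids=()):
    """Return the paths under code_dirs, symlink targets included, that uid can modify."""
    findings, seen, stack = [], set(), list(code_dirs)
    while stack:
        path = stack.pop()
        real = os.path.realpath(path)      # a link into a shared product tree is followed
        if real in seen:
            continue                       # also guards against symlink loops
        seen.add(real)
        try:
            st = os.stat(real)
        except OSError:
            continue                       # dangling symlink: nothing to load from it
        if writable_by(st, uid, gids):
            findings.append(path)
        if stat.S_ISDIR(st.st_mode):
            stack.extend(os.path.join(path, name) for name in os.listdir(real))
    return sorted(findings)

def demo():
    """Constructed layout: Products links to one locked-down and one world-writable product."""
    root = tempfile.mkdtemp()
    shared = os.path.join(root, "lib", "zope", "AllZopeProducts")
    products = os.path.join(root, "etc", "zope", "INSTANCE", "Products")
    extensions = os.path.join(root, "etc", "zope", "INSTANCE", "Extensions")
    for d, mode in ((os.path.join(shared, "GoodProduct"), 0o755),
                    (os.path.join(shared, "LooseProduct"), 0o777),
                    (products, 0o755), (extensions, 0o755)):
        os.makedirs(d)
        os.chmod(d, mode)                  # explicit chmod so the umask does not interfere
    for name in ("GoodProduct", "LooseProduct"):
        os.symlink(os.path.join(shared, name), os.path.join(products, name))
    runtime_uid = os.getuid() + 1          # stand-in for the "myinstance" account
    found = audit_code_dirs([products, extensions], runtime_uid)
    return [os.path.relpath(p, root) for p in found]

if __name__ == "__main__":
    print(demo())
```

On a real instance, pass the uid and group ids of the account the Zope process runs under; an empty result means that account cannot alter product or external-method code.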