[Zope] help

Curtis Maloney curtis@cardgate.net
Tue, 14 Nov 2000 10:11:33 +1100


On Tue, 14 Nov 2000, Gregory Haley wrote:
> Andy McKay wrote:
> > BTW: Im not a Unix guru but I dont think having everythin 777 is the most
> > secure way of maintaining your installation...
> >
> > --
> >   Andy McKay, Developer.
> >   ActiveState.
>
> Hi Andy, actually, if you are talking about permissions, this setting gives
> anyone in the world read write and execution access to your
> document(s)/directory(ies).  I think you want to set permissions as 755,
> with owner and group set to nobody (at least for the /opt/zope directory
> and sub-directories.  (allows only owner write access)  : )
>

Yes, I know we've wandered somewhat off topic, but hey... just this once.. (o8

Greg,

	Having all your dtml, html, py, pyc, doc and other files executable just 
doesn't make sense!  In fact, if you make everything 440 except for in /var, 
where you make it 640, and owned by a "zope" user, this is the safest.

Of course, it DOES mean you have to explicitly chmod any file you want to 
edit...so if you're not THAT paranoid, you could use 640 everywhere...

If you put all the files in a zope group, then you can set the permissions 
660, so only people in the Zope group can edit the files.

> ciao!
> greg.
>

Have  a better one,
	Curtis Maloney.

P.S.  sorry for rambling... i've just got into work, and not had my first 
coffee yet.. (o8