[Zope] Regaining lost privileges

Nigel Head nhead@houbits.com
Sat, 2 Sep 2000 07:40:33 +0000


Hi Andrew!

On Fri, 01 Sep 2000, you wrote
...
> I saw people asking about building 'admin' systems using Zope, this isn't
> going to be trivially possible without super user privs.

That people was me. Having looked into things a little further (but not
actually started the admin tool yet due to "day job" pressures) I've decided
to go the route (root?!) of using something like 'sudo' or 'runas'  which
allow you to provide a selection of suid scripts and specify which users are
allowed to run them (zope, in my case, I suppose).

I'm still considering the relative merits of using a sort of 'quarantine'
file/database where zope will dump requests to do things and a cron job will
poll it periodically to grab things out again and execute them.

As I wrote that,  I realise dthat it would be interesting to see if that file
couldn't be made a ZODB storage so I could transfer
structured information 'tween Zope and a python admin backend; perhaps make it
a mountable storage from the zope point of view? This would have the added
advantage of a little mild 'security through obscurity' for the file format for
casual hackers who may get near to it one day ...

--  Nigel Head Houbits Hi-Tech
Servers nhead@houbits.com