[Zope] Zope service network permissions on NT

[Andy McKay]

> IIRC, we abandoned the practice of Zope running as System Account in favor
> of running as a specific user "zope", because we would have had to give
> System Account extra privileges to access remote file systems and ODBC
> connections. That would have been a security flaw (hacking Zope's machine
> would give you access to the remote resources as well).

I try to avoid getting into that since Windows permissions drive me nuts
after a while. We have an isolated web cluster, so hacking into one Zope as
the System Account will only give you access to 2 other Zope boxes. All the
fun stuff is in a seperate domain. As anymore issues on that I couldnt tell
you...

I let the sys admins handle that, and they said running as that is fine so I
let them worry about it.

> This'll be good fodder for your Zope-on-Windows FAQ/HowTo. How that going?

Its on my list of things to do... yes, if I could just work on zope all day
long I might get to it one day :)

Cheers.
--
  Andy McKay.