[Zope] ALERT - shutdown security hole?

Jaroslav Lukesh lsh@wo.cz
Thu, 3 Oct 2002 08:52:12 +0200


Hi all, 

Is this a possible security hole, or have I misconfigured security in my Zope
server?

All users who have authorized access are able to do the SHUTDOWN action:

http://usr:pwd@localhost:8080/Control_Panel?manage_shutdown:action=Shutdown

Note that "user" is defined only for virtual subweb /www/www.domain.cz and
is in group "editor" that exists only in that subweb.

Regards J. Lukesh