[Zope] LocalFS Security

Jonathan Stoneman Jonathan.Stoneman@ftech.net
Wed, 9 Oct 2002 10:08:06 +0100


Hi,

We have a Zope server that our customers can have space on.  We
provide them with a folder containing a User Folder which contains
their user.  They can then do whatever they want within this space.
We do not want to place any unnecessary limitations on what they
can do.

The problem is that we want to install the LocalFS product on the
server.  If the customers have permissions that allow them to create
or edit LocalFS objects, then they can access any part of the local
file system that the Zope user can.

We can stop them from creating and editing LocalFS objects by
removing the Add Local File Systems and Change Local File System
Properties permissions from their roles in the root folder.  The
customers would then have to contact us to have a LocalFS object
created or edited but this would be an acceptable solution.

The problem with this solution is that they can change the role that
their user has, or change the permissions of their folder.  Either
way they can get permission to create / edit LocalFS objects.  We
could stop them from doing this by taking away their Manage Users
and Change Permissions permissions, but this is not really
acceptable.

Is there any other way that we can install the LocalFS product and
stop users from creating / editing instances of that object?


Thanks... JOn


--
Jonathan Stoneman - Programmer - Frontier Internet Services Limited
Tel: 02920 820045 Fax: 02920 820038 http://www.frontier.net.uk
All statements made are subject to Frontier's Terms and Conditions
of Business which are available upon request.
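
The situation described in the message above, as an added example that is not part of the original post and not Zope or LocalFS code: a simplified Python model of permission settings with acquisition, used to audit which LocalFS permissions a customer holds and which are one settings change away. The `Folder` class, the `audit` and `build_site` helpers, the `Customer` role and the folder names are assumptions made for illustration.

```python
# Simplified model of Zope 2 permission settings with acquisition.
# Constructed for illustration; these classes are not Zope's API.
PROTECTED = ("Add Local File Systems", "Change Local File System Properties")
DELEGATING = ("Change permissions", "Manage users")


class Folder:
    def __init__(self, name, parent=None):
        self.name, self.parent = name, parent
        self.settings = {}  # permission -> (roles set here, acquire flag)

    def set_permission(self, permission, roles, acquire=True):
        self.settings[permission] = (frozenset(roles), acquire)

    def roles_for(self, permission):
        """Roles that hold `permission` here, following acquisition upward."""
        roles, acquire = self.settings.get(permission, (frozenset(), True))
        if acquire and self.parent is not None:
            roles = roles | self.parent.roles_for(permission)
        return roles


def audit(folder, user_roles):
    """Split PROTECTED into what the user holds now and what is one edit away."""
    user_roles = set(user_roles)
    held = {p for p in PROTECTED if folder.roles_for(p) & user_roles}
    # Assumption taken from the post: either delegating permission is enough
    # to end up holding any permission in the user's own folder.
    delegating = any(folder.roles_for(p) & user_roles for p in DELEGATING)
    return held, (set(PROTECTED) - held if delegating else set())


def build_site(customer_delegates=True):
    """Constructed site: root grants LocalFS permissions to Manager only."""
    root = Folder("root")
    for p in PROTECTED:
        root.set_permission(p, ["Manager"])
    for p in DELEGATING:
        roles = ["Manager", "Customer"] if customer_delegates else ["Manager"]
        root.set_permission(p, roles)
    return root, Folder("customer1", parent=root)


if __name__ == "__main__":
    root, space = build_site()
    print(audit(space, ["Customer"]))   # nothing held, both one edit away
    # The customer edits the permission settings of their own folder:
    space.set_permission(PROTECTED[0], ["Customer"])
    print(audit(space, ["Customer"]))   # first permission now held
```

Calling `build_site(customer_delegates=False)` models the option the post calls not really acceptable: with neither delegating permission, the audit reports nothing held and nothing one edit away.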