[Zope] default permissions for products

Jamie Heilman jamie@audible.transient.net
Mon, 9 Jun 2003 12:06:14 -0700


Robert Nagle wrote:
> When adding new products to the install directory,
> what permission should the new files and directory be?

Directories and files should only be readable by the zope process.
Given that, the norm is to let directories be 0755 and files 0644,
ownership of root:root unless system policies dictate otherwise.
Frequently system policies will allocate a group for the management of
Zope products, extensions, etc.  Under those circumstances it's
not uncommon to see ownership of root:staff where staff is the group
name given to the zope managers, and directory modes to be 02775
allowing for staff members to administrate an instance's products.
IOW, permissions and ownership are whatever they need to be, but the
zope process needn't (and shouldn't) have write access to any of it.

-- 
Jamie Heilman                   http://audible.transient.net/~jamie/
"...thats the metaphorical equivalent of flopping your wedding tackle 
 into a lion's mouth and flicking his lovespuds with a wet towel, pure 
 insanity..."						-Rimmer
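
A way to check the rule stated in the reply above (the zope process should have no write access to the products tree), given as an added example that is not part of the original message. It judges classic mode bits only, so ACLs and read-only mounts are not considered; the function names and the command-line form are hypothetical.

```python
import os
import stat

def writable_by(st, uid, gids):
    """True if the mode bits in `st` grant write access to uid/gids."""
    if uid == 0:
        return True  # root bypasses mode bits entirely
    # POSIX picks exactly one class: owner first, then group, then other.
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_products(root, uid, gids):
    """Return sorted paths under `root` (inclusive) the identity could write to."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        # A writable directory lets files be replaced even if they are 0644.
        for path in [dirpath] + [os.path.join(dirpath, n) for n in filenames]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink modes carry no meaning; skip them
            if writable_by(st, uid, gids):
                findings.append(path)
    return sorted(findings)

if __name__ == "__main__":
    import pwd
    import sys
    # Assumed invocation: audit.py /path/to/Products zope-account-name
    root, user = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    for p in audit_products(root, pw.pw_uid, gids):
        print("writable by %s: %s" % (user, p))
```

An empty result for the account Zope runs as matches the setup described; with the root:staff, 02775 layout, any hit for that account means it has been placed in the managers' group or owns part of the tree.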