[Zope] Re: installation security best practice question

Tres Seaver tseaver at palladion.com
Tue Mar 14 08:45:04 EST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

JulianRead wrote:
> I have tried this method  i have made a zope instance as a dedicated user the
> owner of this file is that of the dedicated user. 
> 
> when i go to run zope as this user i get an error message saying that there
> is an error opening a file in the install directory ( not the zope instance) 
> if i change the permssions on that file i get an error saying that there is
> an error opening another file (in the install directory).
> 
> any ideas how i can avoid this.

The Zope user needs to be able to read every file under the install
directory.  Those files are "software", and should be safe to make world
readable, e.g.:

  # chmod -R a+r /path/to/installed/zope

The Zope user needs *write* access only into the 'var' and 'log'
subdirectories of the instance, but must have read access to the whole
instance.

Tres.
- --
===================================================================
Tres Seaver          +1 202-558-7113          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFEFsjg+gerLs4ltQ4RAsUoAJ9KQgxtYKqMyTFwX6HeF2rYbGavvQCfcwGq
SJPdrmowKRyb8dUNyCihCCo=
=0RLo
-----END PGP SIGNATURE-----



More information about the Zope mailing list