[Zope] installation security best practice question
Jens Vagelpohl
jens at dataflake.org
Tue Mar 14 09:39:10 EST 2006
On 14 Mar 2006, at 14:09, Luca Olivetti wrote:
> En/na Jens Vagelpohl ha escrit:
>
>> The best way to install and run Zope is to have a dedicated user
>> account and install and run it as that user. Most everything else
>> will lead to problems and frustration.
>
> Only because the zope-2.8.6 tarball has wrong permissions. It
> worked before, it will work once you fix the permission on the
> installed zope.
The advice has nothing to do with Zope 2.8.6 or any other tarball.
Trying to be overly clever and not using a dedicated account for both
installation and running your Zope doesn't add much security, it only
adds complication. Unless you install software that lets users write
to the file system through the web people cannot get to the filesystem.
jens
More information about the Zope
mailing list