[Zope] installation security best practice question

Luca Olivetti luca at wetron.es
Tue Mar 14 10:13:54 EST 2006


Jens Vagelpohl wrote:
> 
> On 14 Mar 2006, at 14:09, Luca Olivetti wrote:
> 
>> Jens Vagelpohl wrote:
>>
>>> The best way to install and run Zope is to have a dedicated user 
>>> account and install and run it as that user. Most everything else 
>>> will lead to problems and frustration.
>>
>> Only because the zope-2.8.6 tarball has wrong permissions. It worked 
>> before, it will work once you fix the permission on the installed zope.
> 
> The advice has nothing to do with Zope 2.8.6 or any other tarball. 
> Trying to be overly clever and not using a dedicated account for both 
> installation and running your Zope doesn't add much security, it only 
> adds complication. 

But one zope instance doesn't need write access to zope itself, only to 
the instance directory. It needs read access though, and it's not set up 
this way by the latest zope, so I think that the problem of the OP comes 
from this change in permissions in the tarball.

> Unless you install software that lets users write to 
> the file system through the web, people cannot get to the filesystem.

I usually install zope as root to /usr/local, then set up (or actually 
use the already set up) instances for two different users, one for 
production and the other for testing, so I don't want to install as the 
same user, since I don't want to duplicate the zope installation, only 
the instance, and that should be possible (in fact it has been until 
now) without compromising security.

Bye
-- 
Luca Olivetti
Wetron Automatización S.A. http://www.wetron.es/
Tel. +34 93 5883004      Fax +34 93 5883007
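
The layout discussed in this thread (a shared Zope software home that each instance user can read but not write) can be checked with a short audit, shown here as an added example that is not part of the original message or of Zope. The function names are hypothetical, and the check assumes classic Unix owner/group/other mode bits only (no ACLs, no root override).

```python
import os
import stat
import sys


def _bits_for(st, uid, gids):
    """Return (read, write, execute) as they apply to uid/gids for this inode."""
    if uid == st.st_uid:
        shift = 6          # owner bits
    elif st.st_gid in gids:
        shift = 3          # group bits
    else:
        shift = 0          # other bits
    bits = (st.st_mode >> shift) & 0o7
    return bool(bits & 4), bool(bits & 2), bool(bits & 1)


def audit_software_home(root, uid, gids):
    """List (path, problem) pairs for an instance user under a shared install.

    "writable"   : the user could modify the shared code (should never happen)
    "unreadable" : the user cannot read a file or enter a directory, so the
                   instance will fail to start or import
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        # Check the directory itself (name None), then each file inside it.
        for name in [None] + filenames:
            path = dirpath if name is None else os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue   # symlink modes are not meaningful; skip them
            r, w, x = _bits_for(st, uid, gids)
            if w:
                findings.append((path, "writable"))
            if not r or (stat.S_ISDIR(st.st_mode) and not x):
                findings.append((path, "unreadable"))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: audit.py SOFTWARE_HOME UID [GID ...]
    home, user, *groups = sys.argv[1:]
    for path, problem in audit_software_home(home, int(user), {int(g) for g in groups}):
        print(f"{problem:10} {path}")
```

An empty result for each instance user's uid and groups means the shared install is readable but not modifiable by that user.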

