[Zope] ExternalMethod - add new parameter

rishi pathak mailmaverick666 at gmail.com
Fri Apr 11 05:59:09 EDT 2008 

hi again,
              Let me clarify what I am doing and what is my approach till
now.
              We have a portal using which users use our compute resources.
              In zope we use NIS authentication for validating a user.We
have many things that requires root/logged in user privledeges.One example
is of a 'file system explorer'.In this I have used ZFSpath product.This
explorer is used by users to navigate through their home areas and select
what ever file they want.As of now I have changed some functions of ZFSpath
class which I was using so that they can be executed as the logged in
user(since zope does not have rwx permissions on other user's
directory).This is just one case.Hope I have cleared myself well.

On Wed, Apr 9, 2008 at 11:44 PM, Dieter Maurer <dieter at handshake.de> wrote:

> rishi pathak wrote at 2008-4-8 18:03 +0530:
> >             I dont have a need to run all the external method as root,
> only
> >some of them.
>
> I did understand this *BUT* you do not have a choice.
>
>  While a single ExternalMethod runs as "root", the complete
>  Zope process runs as root -- and this applies to all
>  requests which are run in parallel with your ExternalMethod.
>
> Please reread my former message.
>
> If you have touble to understand the terms "thread" and/or "process",
> consult Wikipedia to get some insight.
>
> > ...
> >On Tue, Apr 8, 2008 at 12:50 AM, Dieter Maurer <dieter at handshake.de>
> wrote:
> >
> >> rishi pathak wrote at 2008-4-7 17:46 +0530:
> >> >There is a requirement for running some external methods as super
> user.
> >> >For this I thought of adding a new parameter.If set the code would be
> >> >executed with effective uid of root.
> >>
> >> This is extremely dangerous.
> >>
> >> To run code as super user, you need to change the effective user id.
> >> Changing the effective user id affects the whole process -- not just
> >> the thread executing your external method.
> >> These things are very difficult to handle in a multi threaded
> environment,
> >> in general.
> >> Moreover, running internet driven code uncontrolled as super user
> >> is likely to be a big security risk.
> >>
> >>
> >> Let your application write some command to a queue and process
> >> the queue asynchronously. The processing can be performed as
> >> super user.
> >>
> >> If this is not possible, let your application communicate
> >> with another process which runs as super user -- and pass on
> >> synchronous commands from your application to this process.
> >>
> >> In both cases, it is ensured that only the restricted command
> >> set can be used to run something as super user -- and
> >> not some arbitrary code....
>
>
>
> --
> Dieter
>



-- 
Regards--
Rishi Pathak
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope/attachments/20080411/025c7536/attachment.htm

More information about the Zope mailing list