[Zope] Zope service network permissions on NT

Loren Stafford lstafford@morphics.com
Tue, 17 Apr 2001 11:37:40 -0700


IIRC, we abandoned the practice of Zope running as System Account in favor
of running as a specific user "zope", because we would have had to give
System Account extra privileges to access remote file systems and ODBC
connections. That would have been a security flaw (hacking Zope's machine
would give you access to the remote resources as well).

How did you face that decision, or did we take a wrong turn there?

This'll be good fodder for your Zope-on-Windows FAQ/HowTo. How's that going?

-- Loren

> -----Original Message-----
> From: Andy McKay [mailto:andym@ActiveState.com]
> Sent: Tuesday, April 17, 2001 10:57
> To: Loren Stafford; zope@zope.org
> Subject: Re: [Zope] Zope service network permissions on NT
>
>
> I run my Zope as "Local System account" and haven't had a problem with
> reboots. I connect to ODBC databases on other boxes... Dunno about NFS
> Maestro.
>
> Cheers.
> --
>   Andy McKay.
>
>
> ----- Original Message -----
> From: "Loren Stafford" <lstafford@morphics.com>
> To: <zope@zope.org>
> Sent: Tuesday, April 17, 2001 10:30 AM
> Subject: [Zope] Zope service network permissions on NT
>
>
> > When my NT box restarts after a power failure (we have lots of these in
> > California these days), my Zope loses its ability to talk to some of the
> > other hosts on the LAN.
> >
> > I have Zope running as a service on NT 4. The Zope service runs as user
> > "zope". My Zope talks to other hosts on the LAN via:
> >
> > 1. NT filesystem (thru LocalFS product). No problem here. The links to the
> > other fileservers are specified in UNC format (e.g.
> > \\phoneserver\phonelist.txt). And the user "zope" has the requisite
> > permissions on all the filesystem drives used.
> >
> > 2. ODBC connections to databases on other hosts. The ODBC driver forces you
> > to specify connections in terms of drive mappings (e.g. f:\phonelist.mdb).
> > But after startup, when no one is logged in, there is no active user profile
> > containing drive mappings. Therefore, the ODBC connections are broken.
> >
> > 3. NFS Maestro mounts. The Maestro driver also forces you to specify
> > connections in terms of drive mappings -- with the same problems as #2.
> >
> > Does anyone know how to configure NT, Zope, or the Zope service so that
> > connection types #2 and #3 don't break when no one is logged in?
> >
> > -- Thanks
> > -- Loren