[Zope] start problem linux

Ng Pheng Siong ngps@post1.com
Mon, 26 Mar 2001 23:00:56 +0800


On Sun, Mar 25, 2001 at 04:05:47PM -0500, ghaley@mail.venaca.com wrote:
> 	make sure the /opt/zope/ directory and all its subdirectories have
> owner and group set to nobody.nobody (you can do this in a single
> command:  chown -R nobody.nobody /opt/zope/ ).  

Assuming /opt/zope is the Zope installation directory...

This is bad advice. At most, make var/ and the files in it owned by
nobody.nobody, so that the Zope process can write there. 

Zope executables and Python programs should not be writeable by the process
executing off them. A bug or a security vulnerability (IOW, a bug with
security implications) may permit an intruder to write to inituser/access
or do other nasty stuff TTW, if the Zope process can write to those files.

-- 
Ng Pheng Siong <ngps@post1.com> * http://www.post1.com/home/ngps