[Zope] Run Zope under nobody or real user?
Thu, 3 May 2001 11:37:20 +1000
Yeah, this is an advantage... in this case, I could just run it as
myself. But isn't this a security risk? If anyone gets my password,
they get full access to the server. If zope is running under user
'zope' who is not allowed to log in, you'd need to manage to become
root to do any damage - which is the same as when zope is running
That's what I imagined people are doing - using a user who does not log in.
marc lindahl wrote:
>Then you can log on as that user, it makes upgrading via FPT and SSH/telnet
>so easy! All the permissions are set correctly.
> > From: Itai Tavor <email@example.com>
>> Date: Thu, 3 May 2001 09:16:00 +1000
>> To: firstname.lastname@example.org
>> Subject: [Zope] Run Zope under nobody or real user?
>> Can anyone explain the advantages (if any) of running Zope under a
>> real user instead of under nobody?
> > TIA, Itai
Itai Tavor -- "Je sautille, donc je suis." --
email@example.com -- - Kermit the Frog --
-- 'Supposing a tree fell down, Pooh, when we were underneath it?' --
-- 'Supposing it didn't,' said Pooh after careful thought. --