[Zope] LocalFS Security
Reinoud van Leeuwen
reinoud.v@n.leeuwen.net
Wed, 9 Oct 2002 15:38:49 +0200
On Wed, Oct 09, 2002 at 10:08:06AM +0100, Jonathan Stoneman wrote:
> Hi,
>
> We have a Zope server that out customers can have space on. We
> provide them with an folder containing a User Folder which contains
> their user. They can then do whatever they want within this space.
> We do not want to place any un-necessary limitations on what they
> can do.
>
> The problem is that we want to install the LocalFS product on the
> server. If the customers have permissions that allow them to create
> or edit LocalFS objects, then they can access any part of the local
> file system that the zope user can.
I have a setup where every website has its own zope instance. Every Zope
runs under the userid of a different client, so there is a zope starting
from /usr/local/WWW/www.client1.com/var running under client1 (directory
is owned by client1).
Advantage is that client1 can start and stop their own zope, and install
his own products (or different versions op products that are installed in
/usr/local/zope).
Additional advantage is that it is even possible to let customers run
different zope versions for different sites (/usr/local/zope/current is a
link to /usr/local/zope/2.5.1)
Zope is running behind apache with PCGI and controlled by zopectl.
--
__________________________________________________
"Nothing is as subjective as reality"
Reinoud van Leeuwen reinoud.v@n.leeuwen.net
http://www.xs4all.nl/~reinoud
__________________________________________________