[Zope] Fishing for ISP security tips

Tim tim@CainGang.com
Fri, 11 Oct 2002 03:02:25 -0400


I'm in the process of trying to offer Zope on a small ISP. I have it
all set up and running and am working on configuring and securing it.
I'm wondering if there are any resources out there that discuss this
sort of multi-user setup (or just anyone here with more experience who
feels in a sharing mood); especially ideas for making the system secure
from the clients, and the clients secure from each other.

I've read the Zope Book. But many points regarding this sort of setup
still seem vague to me.

I'm using mod_proxy through Apache, and have all the virtual domains
(eg. zope.theirdomain.com) redirecting to folders in Zope under a
"virtual" folder beneath the root folder. I use a SiteRoot object in
each folder. This seems to be working well. I have adjusted the
"security" settings on the "virtual" folder to hopefully prevent
clients from adding/changing some objects.

However, if possible I would like clients to be able to add acl_user
folders of their own: yet if they can do this it seems that they can
then set any roles they want on users created in those folders; and so
add any objects they want beneath that folder.

I can only see two options: don't let users manage/create acl_user
folders. Or just not worry about what objects they may create in
subfolders beneath their folder (this seems potentially dangerous, and
undesirable... large cache objects, etc). What (I think) I would
like to do is allow users free access to create acl_user folders and
manage themselves, with the exception of being able to assign Owner or
certain other roles. Is this possible?

Another issue is that while I see I can set permissions so they can't
create more SiteRoot objects, there is no specific permission against
modifying (or deleting) specifically the SiteRoot object.

Also if anyone has an actual list somewhere of what objects are not
safe/wise in this environment and should be restricted, it would be
quite helpful. I've just gone through the object list somewhat
haphazardly, and the decisions seem fairly obvious: but there may be
things I haven't thought of.

Any ideas or thoughts or experiences regarding the best ways to
approach this would be most welcome. I'm anxious to get Zope moving on
this ISP and promote its goodness!

-- 
Tim Middleton | Cain Gang Ltd | But the trouble was that my hysterical fit
x@veX.net     | www.Vex.Net   | could not go on for ever. --Dost (NFTU)