[Zope] localfs, how to secure for homedirs...

Jaroslav Lukesh lsh@wo.cz
Fri, 21 Mar 2003 10:15:01 -0000

: Odes=EDlatel: Jim Penny <jpenny@universal-fasteners.com>
: Localfs objects have to be readable (at least) by the userid that zope
: is running as.  Zope should not be run as root, for a variety of good
: reasons.  Presumably your users own their own files, and in a modern
: system, are proably in individual groups.

Another solution - what about samba server at local machine and smbfs
mounted to the same machine?

localfs_user1 --> smbfs_mountedfolder_user1 --> /home/user1
localfs_user2 --> smbfs_mountedfolder_user2 --> /home/user2

Mounting like (single line):

mount -t smbfs -o uid=3Dxxx,gid=3Dxxx,username=3Duser1,password=3Dffffff
//localhost/mountpointuser1 /zope_localfs/user1

You only need to hide this file from reading at all, allow executing only=
Rights like --x--x--x root root=20

I was used years ago this similar solution for multiple thin dosemu