Re: [Zope] medusa question

[Gary Shears]

> > have regular old html
> > files that I'd like to make available without fiddling with Zope. Is that
> > possible?
> 
> Not out of the box. ZServer, which is based on Medusa, doesn't support serving
> of HTML files from the local file system, it noly serves content out of Zope
> itself.
> 
Slightly off topic, but related. Does this mean that the everything on local
file system is protected natively in zope. Short of things like buffer
overflows. What I mean is, can I somehow muck up security in Zope and
compromise my local system, or will only zope objects be affected?
 I'm an absolute newbie to zope, and still trying to get a handle on the
architecture.

Thanks,

gary

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )

[Zope] Uh, I think I goofed (running as root)

[Gary Shears]

> 
> Also keep in mind that Zope does not run as "root", so if you are
> running on a Unix-like system such as Linux, even if Zope were fully
> compromised an intruder would still have to find a security hole in
> something else before it's possible to write to arbitrary files.

I just checked the perms on zope, and it's owned by root. Started it, looked at
the processes owned by root (ps -u root) and 'python' shows up, with the same
PID as Z2.pid. Is there an easy way to fix this? 
Thanks in advance.
--gary

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )