[Zope] ExternalMethod - add new parameter
There is a requirement for running some external methods as super user. For this I thought of adding a new parameter.If set the code would be executed with effective uid of root. Can some one point to the code section where zope loads the ExternalMethod codes for execution. -- Regards-- Rishi Pathak ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ExternalMethod - add new parameter
Hi Dieter, I dont have a need to run all the external method as root, only some of them. For this what I was thinking was to introduce a new control apart from the regular ones. viz id , title , Module Name and Function Name by name of 'Run as root', it would probably be a checkbox.Then at the point when external method code is executed I would check for the said control and if checked would get it executed as root. Can you telll me where should I look in the source(Code segment where external methods are loaded and executed) On Tue, Apr 8, 2008 at 12:50 AM, Dieter Maurer [EMAIL PROTECTED] wrote: rishi pathak wrote at 2008-4-7 17:46 +0530: There is a requirement for running some external methods as super user. For this I thought of adding a new parameter.If set the code would be executed with effective uid of root. This is extremely dangerous. To run code as super user, you need to change the effective user id. Changing the effective user id affects the whole process -- not just the thread executing your external method. These things are very difficult to handle in a multi threaded environment, in general. Moreover, running internet driven code uncontrolled as super user is likely to be a big security risk. Let your application write some command to a queue and process the queue asynchronously. The processing can be performed as super user. If this is not possible, let your application communicate with another process which runs as super user -- and pass on synchronous commands from your application to this process. In both cases, it is ensured that only the restricted command set can be used to run something as super user -- and not some arbitrary code -- Dieter -- Regards-- Rishi Pathak National PARAM Supercomputing Facility Center for Development of Advanced Computing(C-DAC) Pune University Campus,Ganesh Khind Road Pune-Maharastra ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ExternalMethod - add new parameter
hi again, Let me clarify what I am doing and what is my approach till now. We have a portal using which users use our compute resources. In zope we use NIS authentication for validating a user.We have many things that requires root/logged in user privledeges.One example is of a 'file system explorer'.In this I have used ZFSpath product.This explorer is used by users to navigate through their home areas and select what ever file they want.As of now I have changed some functions of ZFSpath class which I was using so that they can be executed as the logged in user(since zope does not have rwx permissions on other user's directory).This is just one case.Hope I have cleared myself well. On Wed, Apr 9, 2008 at 11:44 PM, Dieter Maurer [EMAIL PROTECTED] wrote: rishi pathak wrote at 2008-4-8 18:03 +0530: I dont have a need to run all the external method as root, only some of them. I did understand this *BUT* you do not have a choice. While a single ExternalMethod runs as root, the complete Zope process runs as root -- and this applies to all requests which are run in parallel with your ExternalMethod. Please reread my former message. If you have touble to understand the terms thread and/or process, consult Wikipedia to get some insight. ... On Tue, Apr 8, 2008 at 12:50 AM, Dieter Maurer [EMAIL PROTECTED] wrote: rishi pathak wrote at 2008-4-7 17:46 +0530: There is a requirement for running some external methods as super user. For this I thought of adding a new parameter.If set the code would be executed with effective uid of root. This is extremely dangerous. To run code as super user, you need to change the effective user id. Changing the effective user id affects the whole process -- not just the thread executing your external method. These things are very difficult to handle in a multi threaded environment, in general. Moreover, running internet driven code uncontrolled as super user is likely to be a big security risk. Let your application write some command to a queue and process the queue asynchronously. The processing can be performed as super user. If this is not possible, let your application communicate with another process which runs as super user -- and pass on synchronous commands from your application to this process. In both cases, it is ensured that only the restricted command set can be used to run something as super user -- and not some arbitrary code -- Dieter -- Regards-- Rishi Pathak ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Convert absolute path to File object
In a script python I need to a read a File stored in ZODB at some location. In the said script I only have absolute path of File object as string for e.g. '/path/to/file/object' The only way seems is to convert path string so that it can be accessed using container.path.to.file.object.data Can anyone suggest a method to do so. -- Regards-- Rishi Pathak Pune-Maharastra ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
