Hi All, We're currently working on some security issues when running zope in a INSTANCE_HOME (multiple instances running as different users) setup. The first issue is tightening of the current security. We introduced the ability to set the groupid under which the server runs, so you can put zope users in a zope group, not give non-group members read/execute permission (o-rwx) to the instance homes, zope directories, product directories, etc. These patches (along with a zopectl patch) can be found on: http://www.zope.org/Members/maurice The second issue, if z2.py is started as root, it will either setuid() to nobody, or to the username supplied with -u. However, z2.py initializes logging while still runing as root by importing/ using ZLogger. This means that the logfiles will be owned (if they did not yet exist) by root in INSTANCE_HOME/var, while you would want these to be owned by nobody or the user the instance should be running as. z2.py setuid()'s to the non-root user after (optionally) opening privileged ports. If you symlink the logfiles in INSTANCE_HOME/var to /etc (or worse, /etc/passwd or /etc/shadow), you might even be able to destroy these files or insert data into them. The correct solution would probably be something like: - run as root - seteuid(non-root-user) - intialize logging -\ - seteuid(root) } optional (only if privileged ports are required) - open priviliged ports -/ - setuid(non-root-user) (note both the setEuid and setuid calls) However, python 1.5.2 does not have seteuid() so this can/will only work with 2.0/2.1 or zope 2.4 (which requires 2.1) We don't want to run our production zope servers with python > 1.5.2, so our current patch consists of a setuid() at the top of z2.py, we don't run zope on privileged ports anyway. If anyone wants a patch for this, please mail me. Cheers, Ivo -- Drs. I.R. van der Wijk -=- Brouwersgracht 132 Amaze Internet Services V.O.F. 1013 HA Amsterdam -=- Tel: +31-20-4688336 Linux/Web/Zope/SQL Fax: +31-20-4688337 Network Solutions Web: http://www.amaze.nl/ Consultancy Email: [EMAIL PROTECTED] -=- _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )