[Zope-dev] interaction with local FS

2003-01-27 Thread Mario Bianchi
Hi everyone,
I'm curious to find out how Zope interacts with the server's file system: 
let's say I want to allow the users of my site to manage (read/write) their 
own files on the server's file system, does Zope support this goal in any way?
As far as I've seen, to me the response seems to be no, it doesn't! The only 
way to access the server's file system from Zope seems to be using the 
ExternalFile product, which is far from satisfactory from the point of view 
of file access rights: it only allows access to files owned by Zope itself 
(or in the same group as Zope).
No way to access 'someuser''s files with the uid of 'someuser'?
Thanks,
  Mario.



___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )


Re: [Zope-dev] interaction with local FS

2003-01-27 Thread Stuart Bishop
On Tuesday, January 28, 2003, at 01:24  AM, Mario Bianchi wrote:

This thread probably belongs in the main zope mailing list.

LocalFS will let you map a local directory into Zope. AdaptableStorage
probably will too, but it will be harder to set up at the moment.


> No way to access 'someuser''s files with the uid of 'someuser'?


To do this, you would need to run Zope (or any other multi-user 
application for that matter, such as Apache) as a superuser, which you 
really don't want to do. The only other possible way of doing this 
would be to start a new process for every request which changes its 
euid (using a SUID root wrapper), authenticates itself, and does what 
you want to the file system. People generally gave up on this approach 
for web systems about a decade ago due to it being a performance 
nightmare, which is why nothing does this out of the box.

A better approach can come from becoming more familiar with your OS's 
group membership features. Under many Unix variants, for example, you 
can set up a group 'zopedocs', and add your users as members of
this group. Also add the user the Zope server runs as to this group. 
Set up the local directories so that they are group writable, and group 
ownership propagates to newly created files:
	mkdir ~/ZopeDocs
	chgrp zopedocs ~/ZopeDocs
	chmod g+rwxs ~/ZopeDocs

Make sure files that get created in this folder are group readable (at 
a minimum) if created from the shell either through chmod or setting 
the umask. Set the Zope server's umask to what you want (probably 002 - 
group writable, world readable) so when a file is created via Zope, it 
is modifiable by members of the ZopeDocs group.

If you need to make sure users can't modify or access each other's 
documents, you need to do the same thing but with a different unique 
group for each user (and the Zope user a member of all of them).

These steps can of course be scripted and even added to the account 
creation procedures to make things quicker or automatic, but you need 
to write the script as it embodies your own security policy which is 
probably different to everyone else's.

--
Stuart Bishop [EMAIL PROTECTED]
http://shangri-la.dropbear.id.au/
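
The shared-group setup described in the reply above, as an added example that is not part of the original posts: it wraps the mkdir/chgrp/chmod steps and audits the result, including the effect of the creating process's umask. The function names are hypothetical, and it assumes Linux with GNU coreutils stat and a group that already exists.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes Linux with GNU coreutils stat.
# GROUP may be a name or numeric gid; it must already exist and the caller
# must own DIR and belong to GROUP (or be root).

# setup_shared_dir DIR GROUP: the mkdir/chgrp/chmod steps from the post.
setup_shared_dir() {
    mkdir -p "$1" && chgrp "$2" "$1" && chmod g+rwxs "$1"
}

# create_with_umask DIR NAME UMASK: create a file the way a server process
# running with that umask would (subshell keeps the caller's umask intact).
create_with_umask() {
    ( umask "$3" && : > "$1/$2" )
}

# audit_shared_dir DIR GROUP: print one line per finding; return 1 if any.
audit_shared_dir() {
    dir=$1 want=$2 bad=0
    [ -d "$dir" ] || { echo "$dir: not a directory"; return 1; }
    if [ "$(stat -c %G "$dir")" != "$want" ] && [ "$(stat -c %g "$dir")" != "$want" ]; then
        echo "$dir: group is not $want"; bad=1
    fi
    # Without setgid, new files get the creator's primary group instead.
    [ -g "$dir" ] || { echo "$dir: setgid bit not set"; bad=1; }
    perms=$(stat -c %A "$dir")            # e.g. drwxrwsr-x
    case $perms in
        ????rw[xs]*) ;;
        *) echo "$dir: group lacks rwx ($perms)"; bad=1 ;;
    esac
    case $perms in
        ????????w*) echo "$dir: world-writable ($perms)"; bad=1 ;;
    esac
    # Files the group cannot read, or that escaped the group, break sharing.
    stray=$(find "$dir" -type f \( ! -perm -040 -o ! -group "$want" \))
    if [ -n "$stray" ]; then
        echo "not group-readable or wrong group:"; echo "$stray"; bad=1
    fi
    return "$bad"
}
```

A file created with umask 002 passes the audit, while one created with umask 077 is reported, which is why the server's umask has to be set as well as the directory's mode.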

