On Tuesday, January 28, 2003, at 01:24  AM, Mario Bianchi wrote:

This thread probably belongs in the main zope mailing list.

LocalFS will let you map a local directory into Zope. AdaptableStorage
probably will too, but it will be harder to set up at the moment.

No way to access 'someuser''s files with the uid of 'someuser'?
To do this, you would need to run Zope (or any other multi-user application for that matter, such as Apache) as a superuser, which you really don't want to do. The only other possible way of doing this would be to start a new process for every request which changes its euid (using a SUID root wrapper), authenticates itself, and does what you want to the filesystem. People generally gave up on this approach for web systems about a decade ago due to it being a performance nightmare, which is why nothing does this out of the box.

A better approach can come from becoming more familiar with your OS's group membership features. Under many Unix variants, for example, you can set up a group 'zopedocs', and add your users as members of this group. Also add the user the Zope server runs as to this group. Set up the local directories so that they are group writable, and group ownership propagates to newly created files:

    mkdir ~/ZopeDocs
    chgrp zopedocs ~/ZopeDocs
    chmod g+rwxs ~/ZopeDocs

Make sure files that get created in this folder are group readable (at a minimum) if created from
the shell either through chmod or setting the umask. Set the Zope server's umask to what you want
(probably 002 - group writable, world readable) so when a file is created via Zope, it is modifiable
by members of the ZopeDocs group.

If you need to make sure users can't modify or access each other's documents, you need to do the
same thing but with a different unique group for each user (and the Zope user a member of all of them).

These steps can of course be scripted and even added to the account creation procedures to make things quicker or automatic, but you need to write the script as it embodies your own security policy which is probably different to everyone else's.

--
Stuart Bishop <[EMAIL PROTECTED]>
http://shangri-la.dropbear.id.au/


_______________________________________________
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists - http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )
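
The checks implied by the steps in the message above, as an added shell example that is not part of the original message: it audits a shared directory for the group ownership, group-write and setgid bits described there, and shows how the umask decides whether a newly created file ends up group writable. The function names and the probe file name are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a group-shared directory such as ~/ZopeDocs.
# Function names and the probe file name are illustrative assumptions.

# Symbolic mode (e.g. drwxrwsr-x) and group name, as printed by ls -ld.
mode_of()  { ls -ld "$1" | awk '{print $1}'; }
group_of() { ls -ld "$1" | awk '{print $4}'; }

# check_shared_dir DIR GROUP
# Succeeds only if DIR belongs to GROUP, is group writable, and has the
# setgid bit so that new files inherit the directory's group.
check_shared_dir() {
    dir=$1 want=$2 rc=0
    [ -d "$dir" ] || { echo "$dir: not a directory" >&2; return 2; }
    mode=$(mode_of "$dir")
    [ "$(group_of "$dir")" = "$want" ] ||
        { echo "$dir: group is not $want" >&2; rc=1; }
    case $mode in
        d????w*) ;;
        *) echo "$dir: not group writable ($mode)" >&2; rc=1 ;;
    esac
    case $mode in
        d?????s*) ;;
        *) echo "$dir: setgid bit missing ($mode)" >&2; rc=1 ;;
    esac
    return $rc
}

# new_file_mode DIR UMASK
# Creates a probe file in DIR under UMASK (in a subshell, so the caller's
# umask is untouched), prints the resulting mode string, then removes it.
new_file_mode() {
    ( umask "$2"; f="$1/.umask-probe.$$"; : > "$f" && mode_of "$f"; rm -f "$f" )
}

# Usage: sh audit.sh ~/ZopeDocs zopedocs
if [ "$#" -eq 2 ]; then
    check_shared_dir "$1" "$2" && new_file_mode "$1" 002
fi
```

With umask 002 the probe file comes out as -rw-rw-r--; with the common default of 022 it is -rw-r--r--, which other members of the group cannot modify.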
