Gary Shears wrote:
> > Also keep in mind that Zope does not run as "root", so if you are
> > running on a Unix-like system such as Linux, even if Zope were fully
> > compromised an intruder would still have to find a security hole in
> > something else before it's possible to write to arbitrary files.
> I just checked the perms on zope, and it's owned by root. Started it, looked at
> the processes owned by root (ps -u root) and 'python' shows up, with the same
> PID as Is there an easy way to fix this?
> Thanks in advance.


ps -ef|grep python


ps auxww|grep python

(depending on your system; the latter is preferred).  Zope usually runs
two processes: a process manager and the real server.  The process
manager runs as root and the real server, which actually handles the
connections and talks to the file system, has many threads.  So, if
configured correctly, you should see one python process running as root
and several others running as nobody (or whataver you configured the
user to be).  The process manager just restarts the real server
automatically when it dies.


Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to