rishi pathak wrote at 2008-4-7 17:46 +0530: >There is a requirement for running some external methods as super user. >For this I thought of adding a new parameter.If set the code would be >executed with effective uid of root.
This is extremely dangerous. To run code as super user, you need to change the effective user id. Changing the effective user id affects the whole process -- not just the thread executing your external method. These things are very difficult to handle in a multi threaded environment, in general. Moreover, running internet driven code uncontrolled as super user is likely to be a big security risk. Let your application write some command to a queue and process the queue asynchronously. The processing can be performed as super user. If this is not possible, let your application communicate with another process which runs as super user -- and pass on synchronous commands from your application to this process. In both cases, it is ensured that only the restricted command set can be used to run something as super user -- and not some arbitrary code.... -- Dieter _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )