[Zope-dev] Configurable Blob Permissions ZODB
Hi, Refering to this bug report https://bugs.launchpad.net/zodb/+bug/683751 And this usecases http://stackoverflow.com/questions/6168566/collective-xsendfile-zodb-blobs-and-unix-file-permissions It would be great if create mode of blobs would be configurable in ZODB directly. For UNIX Systems there could be 2 flags for folder creation mode and blob file permissions, i.e. BLOB_FOLDER_MODE = 750 BLOB_FILE_PERMISSIONS = stat.S_IRUSR | stat.S_IRGRP which are used then at the appropriate places. See here: http://pastebin.com/wNLYyXvw I don't know how this refers to NTFS, though. Further this configuration flags should be available in ZOPE and ZEO Server configuration files. Any doubts, suggestions, other ideas? Regards, Robert -- Robert Niederreiter Squarewave Computing Aflingerstraße 19 A-6176 Völs Tel: +43 699 160 20 192 Web: http://www.squarewave.at ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Configurable Blob Permissions ZODB
On Fri, Jun 17, 2011 at 4:53 AM, Robert Niederreiter wrote: > Hi, > > Refering to this bug report > > https://bugs.launchpad.net/zodb/+bug/683751 > > And this usecases > > http://stackoverflow.com/questions/6168566/collective-xsendfile-zodb-blobs-and-unix-file-permissions > > It would be great if create mode of blobs would be configurable in ZODB > directly. > > For UNIX Systems there could be 2 flags for folder creation mode and > blob file permissions, i.e. > > BLOB_FOLDER_MODE = 750 > BLOB_FILE_PERMISSIONS = stat.S_IRUSR | stat.S_IRGRP > > which are used then at the appropriate places. > See here: http://pastebin.com/wNLYyXvw > > I don't know how this refers to NTFS, though. > > Further this configuration flags should be available in ZOPE and ZEO > Server configuration files. > > Any doubts, suggestions, other ideas? -1 for a new configuration option. I would rather just have write permission *only* removed from committed blob files. Read permissions should be controlled by existing mechanisms such as umask. Jim -- Jim Fulton http://www.linkedin.com/in/jimfulton ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Configurable Blob Permissions ZODB
On Fri, Jun 17, 2011 at 2:06 PM, Jim Fulton wrote: > On Fri, Jun 17, 2011 at 4:53 AM, Robert Niederreiter > wrote: >> Any doubts, suggestions, other ideas? > > -1 for a new configuration option. > > I would rather just have write permission *only* removed > from committed blob files. Read permissions should be controlled > by existing mechanisms such as umask. +1 on Jim's suggestion - much simpler :) Hanno ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Configurable Blob Permissions ZODB
Am Freitag, den 17.06.2011, 08:06 -0400 schrieb Jim Fulton: > > Any doubts, suggestions, other ideas? > > -1 for a new configuration option. > > I would rather just have write permission *only* removed > from committed blob files. Read permissions should be controlled > by existing mechanisms such as umask. So changing the creation mode for folders to 755 and for blobs to 444 would be the solution then. right? Has this a chance to get into the next ZODB release? Robert > > Jim > -- Robert Niederreiter Squarewave Computing Aflingerstraße 19 A-6176 Völs Tel: +43 699 160 20 192 Web: http://www.squarewave.at ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Configurable Blob Permissions ZODB
On Fri, Jun 17, 2011 at 8:45 AM, Robert Niederreiter wrote: > Am Freitag, den 17.06.2011, 08:06 -0400 schrieb Jim Fulton: >> > Any doubts, suggestions, other ideas? >> >> -1 for a new configuration option. >> >> I would rather just have write permission *only* removed >> from committed blob files. Read permissions should be controlled >> by existing mechanisms such as umask. > > So changing the creation mode for folders to 755 and for blobs to 444 > would be the solution then. right? No. Use the default mode for folders and files, but removing write access on committed blob files. > Has this a chance to get into the next ZODB release? Of course, but it's not a priority for me personally. I'd be happy to review a patch with tests. I'd even consider this a bug fix, rather than a feature, so it could get into a 3.10 release. Jim -- Jim Fulton http://www.linkedin.com/in/jimfulton ___ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )