[chown-zeo]
# This recipe is used to set permissions -- and ownership for root mode installs
# For options see http://pypi.python.org/pypi/plone.recipe.command
#
# Re http://developer.apple.com/mac/library/documentation/Darwin/Reference/ManPages/man1/chmod.1.html
# the lines below should be good for Mac OS X 10.6 (Snow Leopard)
# and for other versions of the OS that support Access Control Lists (ACLs).
#
# For troubleshooting purposes: the mode for directories within
# ${buildout:directory}/var may be relaxed from 700 to 705, allowing the
# structure (only) to be viewed quickly and without restriction.
#
# Having both users (zeoserver and client) in the ACL provides leeway,
# should an administrator or process inadvertently change ownership to root.
recipe = plone.recipe.command
command =
chmod 600 .installed.cfg
find ${buildout:eggs-directory} -type d -name LC_MESSAGES -exec chown ${client1:effective-user} {} \;
touch ${buildout:directory}/var/zeoserver/zeoserver.log
chown -R ${client1:effective-user} ${buildout:directory}/var
find ${buildout:directory}/var -type f -exec chmod 600 {} \;
find ${buildout:directory}/var -type d -exec chmod 700 {} \;
chmod -R -N ${buildout:directory}/var
find ${buildout:directory}/var -type d -exec chmod +a# 0 "${client1:effective-user} allow list,search,add_file,add_subdirectory,delete,delete_child" {} \;
find ${buildout:directory}/var -type f -exec chmod +a# 0 "${client1:effective-user} allow read,write,append" {} \;
find ${buildout:directory}/var -type d -exec chmod +a# 1 "${zeoserver:effective-user} allow list,search,add_file,add_subdirectory,delete,delete_child" {} \;
find ${buildout:directory}/var -type f -exec chmod +a# 1 "${zeoserver:effective-user} allow read,write,append" {} \;
chmod o+rX ${buildout:directory}/var
chmod o+r ${buildout:directory}/var/README.txt
update-command = ${chown-zeo:command}