-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I have a requirement to run a root uid Z2 process and was most surprised to see that line 334 of Zope/Startup/__init__.py expressly forbids this, throwing a ZConfig.ConfigurationError While it's not a good idea to configure Zope to run as root by default, isn't it completely fascist to disallow it altogether? Similarly, I'd now expect issues if I chose to attach a Z2 to a low port. As far as I'm concerned, the account policy (and port too) is clearly defined by directives in zope.conf and should be honoured - clearly someone's consciously made these configuration changes and is thus fully accepting of their potential consequences. How about relaxing this requirement? Alan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFB7d+hCfroLk4EZpkRAuBaAKCm7PnRFMDtBBVft59L5FD4gIUdfQCgtXP0 1Qi8jv96rjUGRsI/x15Rty8= =P0J4 -----END PGP SIGNATURE-----
On Tuesday 18 January 2005 9:18 pm, Alan Milligan wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi,
I have a requirement to run a root uid Z2 process and was most surprised to see that line 334 of Zope/Startup/__init__.py expressly forbids this, throwing a ZConfig.ConfigurationError
While it's not a good idea to configure Zope to run as root by default, isn't it completely fascist to disallow it altogether? Similarly, I'd now expect issues if I chose to attach a Z2 to a low port.
As far as I'm concerned, the account policy (and port too) is clearly defined by directives in zope.conf and should be honoured - clearly someone's consciously made these configuration changes and is thus fully accepting of their potential consequences.
How about relaxing this requirement?
Alan
Why would you need to run zope as root? You can start it as root so it can bind to a low numbered port and then it will switch to a less privelaged user for its normal operations. I can't think of a good reason right now for why a network service should be run as the root user.
--On Mittwoch, 19. Januar 2005 15:18 Uhr +1100 Alan Milligan <alan@balclutha.org> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi,
I have a requirement to run a root uid Z2 process and was most surprised to see that line 334 of Zope/Startup/__init__.py expressly forbids this, throwing a ZConfig.ConfigurationError
While it's not a good idea to configure Zope to run as root by default, isn't it completely fascist to disallow it altogether? Similarly, I'd now expect issues if I chose to attach a Z2 to a low port.
As far as I'm concerned, the account policy (and port too) is clearly defined by directives in zope.conf and should be honoured - clearly someone's consciously made these configuration changes and is thus fully accepting of their potential consequences.
How about relaxing this requirement?
There is zero need to relax this requirement. You only have to start Zope as root to get port 80 but it is in general not a good idea for *any* service to run as root for security reasons. So there is absolutely no reason to *not* changing the the uid of the process to a user with less permissions. -aj
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Andreas Jung wrote: | There is zero need to relax this requirement. You only have to start | Zope as root I just explained you cannot start as root ... | to get port 80 but it is in general not a good idea for *any* service to | run | as root for security reasons. So there is absolutely no reason to *not* | changing | the the uid of the process to a user with less permissions. Says you!! I happen to be using zope to wrap a number of excellent Python rpm packaging scripts/modules (eg yum, mach), and as part of this process, need to do rpm package installs from the zope server which obviously requires root access. I see no reason why I should be penalised for using the excellent workflow features of Zope in a system programming environment. If Zope is to be useful to the widest cross community, we really MUST stop this 'we know best' attitude and allow people at the coalface to override default behaviour as only they are in a position to evaluate the appropriateness of the 'security reasons'. How about a 'yes' response this time. Alan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFB7fiFCfroLk4EZpkRAoDZAJ40UveUjpBGyN0/1VnUmZUQz0GctgCfa+R1 tvE2RP5DNwa2IlEmMmX2l0g= =JNQg -----END PGP SIGNATURE-----
--On Mittwoch, 19. Januar 2005 17:04 Uhr +1100 Alan Milligan <alan@balclutha.org> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Andreas Jung wrote:
| There is zero need to relax this requirement. You only have to start | Zope as root I just explained you cannot start as root ...
And I explained that Zope wants to the change the UID to a non-root account for security reasons.
| to get port 80 but it is in general not a good idea for *any* service to | run | as root for security reasons. So there is absolutely no reason to *not* | changing | the the uid of the process to a user with less permissions. Says you!!
I happen to be using zope to wrap a number of excellent Python rpm packaging scripts/modules (eg yum, mach), and as part of this process, need to do rpm package installs from the zope server which obviously requires root access.
I see no reason why I should be penalised for using the excellent workflow features of Zope in a system programming environment.
If Zope is to be useful to the widest cross community, we really MUST stop this 'we know best' attitude and allow people at the coalface to override default behaviour as only they are in a position to evaluate the appropriateness of the 'security reasons'.
To be honest: if you need another behaviour than the one implemented then fix it on your own and maybe put a patch into the Zope collector. So if someone has the same problem it can grab the patch. At least your usecase does not seem to be common so I don't think we should add such a dangerous feature (although if disabled by default) with Zope. There are also other applications e.g. postgres that refuse to run as root. If you need to perform root-level operations from within a non-rooted Zope there are enough solutions available to give the application limited root right (sudo etc....search on freshmeat). I consider your request as a YAGNI. -aj
On Wed, Jan 19, 2005 at 05:04:53PM +1100, Alan Milligan wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Andreas Jung wrote:
| There is zero need to relax this requirement. You only have to start | Zope as root I just explained you cannot start as root ...
| to get port 80 but it is in general not a good idea for *any* service to | run | as root for security reasons. So there is absolutely no reason to *not* | changing | the the uid of the process to a user with less permissions. Says you!!
I happen to be using zope to wrap a number of excellent Python rpm packaging scripts/modules (eg yum, mach), and as part of this process, need to do rpm package installs from the zope server which obviously requires root access.
You can solve this problem by using sudo. Make an external method that executes sudo with the commands you want (you have to use the NOPASSWD option to prevent sudo for asking for a password). This gives you both, zope running as a non privileged user and your rpm commands running as root. regards Stefan
I see no reason why I should be penalised for using the excellent workflow features of Zope in a system programming environment.
If Zope is to be useful to the widest cross community, we really MUST stop this 'we know best' attitude and allow people at the coalface to override default behaviour as only they are in a position to evaluate the appropriateness of the 'security reasons'.
How about a 'yes' response this time.
Alan
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFB7fiFCfroLk4EZpkRAoDZAJ40UveUjpBGyN0/1VnUmZUQz0GctgCfa+R1 tvE2RP5DNwa2IlEmMmX2l0g= =JNQg -----END PGP SIGNATURE----- _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
participants (4)
-
Alan Milligan -
Andreas Jung -
kosh -
zope@bturtle.ch