(moved from zope-dev) Well, let's think about this... If I untar a source Zope from Zope.org into, for instance, /home/mcdonc/Zope while logged in as a nonroot user ("mcdonc"), and run "python w_pcgi.py" on the source as the same user, I'll get a working Zope via ZServer that runs under the "mcdonc" account. So far so good, I can talk to Zope running as "mcdonc" on 8080 if I want to via ZServer. Then let's say I want to make PCGI work so that we can serve Zope content via Apache. We'll assume I configure Apache via httpd.conf's User and Group directives to run as "mcdonc" and configure it to listen on port 80 via the Port directive. I'll then set up my httpd.conf rewrite rules to point to a symlink of the PCGI shellfile at /home/mcdonc/Zope/Zope.cgi in my Apache's cgi-bin directory. We'll always need to start Apache as root if it listens on port 80. Apache will spawn off several nonroot-owned processes which serve requests that run under "mcdonc" in this case. Apache's nonroot server processes should be able to read the Zope.cgi file as they're all running as "mcdonc", and "mcdonc" owns the Zope.cgi file. So far so good. So I start Apache as root via apachectl start. I do a ps -aux to see who Apache is running as, and I have five httpd processes that show the user "mcdonc" as owner and one httpd process that shows the user "root" as owner (the "manager" process). I also see that Zope's two processes are running as "mcdonc". When I visit http://127.0.0.1/Zope/manage, I am able to log in as superuser, etc. So we're successful. I've been doing this as I've been writing it to be 100% sure that this is the case... So, while it seems advisable to untar Zope as a nonroot user (so your files don't end up getting owned by one of the Pelletier clan -- pretty funny!), I don't think it's a requirement to install Zope (via "python w_pcgi.py") as root if you want to serve Zope content from Apache using PCGI. I've done the equivalent under Netscape Enterprise Server, too, and it works. I haven't set up Zope using FastCGI, so I have to claim utter ignorance there. Patrick Phalen wrote:
[Chris McDonough, on Sat, 08 Jan 2000] :: Thanks. Understood. :: :: This is a pretty good argument against installing Zope itself as the :: root user.
Well, er, ahem, hmmm ... While I know what you mean by 'install', here, it might be worth clarifying, to prevent the spread of confusion ...
This is a good argument against *untarring* Zope as root. Instead, su to nobody (or your version of nobody). Otherwise, Zope will likely be owned by one of the Pelletier clan.
OTOH, Zope should be *installed* as root *if* you're intending to run ZServer behind another web server, right?
-- Chris McDonough Digital Creations, Inc. Zope - http://www.zope.org