On Wed, 21 Jul 2004 12:55:59 -0700 "Steven Hodgen" <shodgen@solomonschool.com> wrote:

I'm somewhat confused. The default install location for Zope is /opt. In order to install here, you must do it via root.

Probably. But installing and running are two different things! (And there are other options, for example, as root, you could create a zope directory, belonging to the zope installation user, whoever that may be, and then installing, as that user.) But you don't want the installation user and UID under which zope is running to be the same. If zope is installed as root, but run under user-id www-data, or user-id zope, any security hole in zope would still make it hard for the attacker to modify the zope programs.

The only thing I've done as root, is 'sudo make install', since I must. Now, the installation tutorial on 'plope.org', recommends doing it this way, although it is true that the INSTALL.txt file in doc/ does recommend not installing as root, but the default location would seem to indicate otherwise. I've seen references to installing to /usr/local, and a user's /home. Please understand that I'm not a linux expert. I have, however, been a software engineer for years, since '80, but only recently have I started exploring linux. At this point, the proper method for utilizing the linux directory hierarchy is a bit of a mystery. All I know is that I want to install Zope in a way which is most consistent with the intent of Linux Filesystem Hierarchy "standard?", which is somewhat unclear as to where third party software should be installed. It seems that /usr/local and /opt are valid locations, with /opt being, perhaps, primary.

Either would be fine, don't get too hung up on FHS. Distributions need to, so that they interoperate reasonably well, but end sysadmins simply need to do something that they understand, can document and remember.

That being the case, /opt would seem a very reasonable place to put Zope, although based on this standard Zope's log files should be somewhere in /var/log, and it's data files somewhere else in /var, since the data changes via ZMI?

Again, reasonable, but not crucial. As long as you know where it is, and which files are writable by the "zope runner" userid, and which are not, it does not really matter much.

Please overlook what may be obvious ignorance. You may well feel that Installing and running Zope is not the best tutorial for a linux newbie, but that's how I learn everything. I just jump in with both feet. I want a secure system, and perhaps 8080 is good for now, but I would want to be able to easily change to 80 without having to reinstall Zope, etc.

Almost no one really needs or want a zope running at port 80. It is considered a much safer practice to front the zope with apache or pound, both of which can do a lot of cleanup before zope handle the request.

Based on some reading, I was under the impression that it was ok to run Zope as root, since it automatically lowered it's user status to the one in zope.cfg after performing some root required initializations.

This may be true under really recent zopes. But, it is not really needed. See above. Jim Penny

Ok, I'm finished displaying my newbie status, at least for the moment. :-)

Thanks for your help and patience.

--Steven

_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )