Re: [Zope] Problems starting ZEO with zeoctl
----- Original Message -----
From: "Ben" <shadroth@gmail.com>
To: "Jonathan" <dev101@magma.ca>
Sent: Saturday, September 02, 2006 10:02 AM
Subject: Re: [Zope] Problems starting ZEO with zeoctl
On 9/2/06, Jonathan <dev101@magma.ca> wrote:
The zeo.conf that I am running (Zope 2.9.2) has the 'user' entry commented out:
[...]
I don't usually run zeoctl manually (my CentOS 4.3 system starts it at boot time), but when I do I am running as 'root' and it works fine.
What is the security risk with doing this?
If you're running behind a firewall you could set your firewall so that port 8100 is blocked from outside access (i.e. only your zeo client and zeo server, running behind the firewall, can communicate on port 8100 - or whatever port you have zeo configured to use).
On 9/3/06, Jonathan <dev101@magma.ca> wrote:
If you're running behind a firewall you could set your firewall so that port 8100 is blocked from outside access (i.e. only your zeo client and zeo server, running behind the firewall, can communicate on port 8100 - or whatever port you have zeo configured to use).
I was planning on doing this anyway, but I was thinking more about how the ZEO server process might be able to run amok if it was run as root, but if it was run as a regular user then it would be more limited in what it could do.

I'm not sure how likely this is, I just want to know what risks I am accepting by having the convenience of running the ZEO server as a daemon.

Thank you for your help with troubleshooting these problems, it is much appreciated.

Ben
----- Original Message -----
From: "Ben" <shadroth@gmail.com>
To: "Jonathan" <dev101@magma.ca>
Cc: <zope@zope.org>
Sent: Saturday, September 02, 2006 10:39 AM
Subject: Re: [Zope] Problems starting ZEO with zeoctl
On 9/3/06, Jonathan <dev101@magma.ca> wrote:
If you're running behind a firewall you could set your firewall so that port 8100 is blocked from outside access (i.e. only your zeo client and zeo server, running behind the firewall, can communicate on port 8100 - or whatever port you have zeo configured to use).
I was planning on doing this anyway, but I was thinking more about how the ZEO server process might be able to run amok if it was run as root, but if it was run as a regular user then it would be more limited in what it could do.
I have never heard of a case where a rogue zeo server process ran 'amok' ;-)
I'm not sure how likely this is, I just want to know what risks I am accepting by having the convenience of running the ZEO server as a daemon.
Thank you for your help with troubleshooting these problems, it is much appreciated.
You're welcome.

Jonathan
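The two settings discussed in this thread (the commented-out 'user' entry and the port 8100 listener) can be checked mechanically. The script below is an added example, not part of the original messages or of Zope/ZEO itself: it reads a zeo.conf-style file and reports both conditions. The sample config, its paths and the account name 'zope' are constructed, and the findings assume that the runner keeps the starting user's privileges when no 'user' is set and that a bare port in 'address' listens on every interface.

```python
# Added example: audit a zeo.conf for the two points raised in the thread.
# SAMPLE_CONF is constructed for illustration; paths and the 'zope'
# account name are hypothetical.
SAMPLE_CONF = """\
<zeo>
  address 8100
</zeo>
<runner>
  program /opt/zeo/bin/runzeo
  daemon true
  # user zope
</runner>
"""


def parse_sections(text):
    """Return {section: {key: value}} for simple ZConfig-style text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out entry
        if line.startswith("</"):
            current = None
        elif line.startswith("<"):
            current = line.strip("<>").split()[0].lower()
            sections.setdefault(current, {})
        elif current is not None:
            key, _, value = line.partition(" ")
            sections[current][key.lower()] = value.strip()
    return sections


def audit(text):
    """List findings for a missing 'user' entry and a host-less address."""
    conf = parse_sections(text)
    findings = []
    if not conf.get("runner", {}).get("user"):
        findings.append("runner: no active 'user' entry; if started by "
                        "root, the ZEO server keeps root privileges")
    address = conf.get("zeo", {}).get("address", "")
    if address.isdigit():
        findings.append(f"zeo: address {address} has no host part, so "
                        "the firewall is the only access restriction")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

Uncommenting the 'user' line and giving 'address' a host part such as 127.0.0.1:8100 makes audit() return an empty list.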