to completely circumvent all this you should look into using "su" in your script to launch the process as your zope user. something like... su - zope -c "/my/python /my/zope/xyz" jens On Friday, Dec 13, 2002, at 13:29 US/Eastern, Phil Schumm wrote:

Hi,

I have for some time been running Zope 2.5.1 on OS X. I have been using a startup script to launch Zope automatically (i.e., as a Mac OS service), which means that I am starting it as root. Following the advice I have read, I set up a restricted user called "zope", and am using the -u flag in the start script to have Zope change to user "zope" after it is launched. Indeed, when I view the active processes (e.g., using the ProcessViewer application), I see that one of the two has switched to user "zope."

Recently, I installed Zope 2.6 on a new machine running Jaguar (i.e., OS 10.2). Following the instructions in doc/SETUID.txt, I changed the owner of var to root, set it's sticky bit, and added the -u flag in the start script (i.e., -u zope). Zope starts fine (and works fine), but now when I look in the ProcessViewer, it appears that both Zope processes are still running as root. Does this mean that Zope is not actually "setuid()"ing correctly to the user I have specified with the -u flag? Am I overlooking something obvious here?

Thanks for any insights,

-- Phil

_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )