[ZODB-Dev] ZEO signal feature
Toby Dickenson
tdickenson@geminidataloggers.com
Wed, 2 Oct 2002 07:37:12 +0100
(I trimmed the cc list)
On Tuesday 01 Oct 2002 9:04 pm, Christian Reis wrote:
> On Thu, Sep 26, 2002 at 02:08:46PM +0100, Toby Dickenson wrote:
> > > zeo and stunnel in the root-priviledged port range
> >
> > Yes, but having zeo start with root privelidges is more risky than n=
ot
> > doing so. I agree, in many cases it is a worthwhile risk.
>
> Note that it only *starts* as root, and drops back to normal privs if
> you use runzeo with the -u switch.
Yes, but it still drops root privelidges a little too late for my liking.=
Both=20
ZEO and Zope open log files as root, and Zope (but not ZEO) even opens th=
e=20
storage as root.
Also, I often use cvs versions of ZEO and Zope. I dont want to open the=20
possibility of giving root access to anyone with zope.org CVS commit acce=
ss,=20
or if any of those users cvs keys are compromised.
All that just so that it can listen on a low numbered port?=20