[Zope-Coders] new zLOG

[Chris McDonough]

On Tue, 2002-11-26 at 11:49, Guido van Rossum wrote:
> I thought that the log configuration was going to be under ZConfig
> control?  For a prototype of how it might work, see load_logconf() in
> ZEO/runsvr.py in the CVS trunk.  Then zdaemon and ZEO can each have
> their own log file (as they should, IMO).

This sounds (and looks) great.  We're on the same page, then.  Once we
get more of the ZConfig stuff fleshed out, we can change zLOG (or at
least the apps that call zLOG) to support config-file-based
configuration, then?

> BTW, ZEO/runsvr.py currently doesn't do any uid management, and
> consequently won't let you use a port number under 1024, unless you
> run the entire process as root.  Because running as root is a bad
> idea, this mean you can't use ports under 1024.  Is this okay?  The
> same holds for ZEO/start.py, so I don't think there would be a
> problem, but one never knows.

Actually, ZEO's start.py does do a setuid to nobody (which is what bit
me yesterday).  It has the same problems as Zope in this respect.

IMO, the only reason to support an effective user in ZEO is to make it
easy to run via a UNIX rc script securely without needing to do tricks
like 'su - zope -c "zeostart"'.  I think this is a pretty big reason,
however, because it bites so many people (including the majority of our
customers), so it may be something we want to think about for runsrvr.py
and (if its not going away) start.py.

- C