[Zope-dev] root ZServer

Andreas Jung lists at andreas-jung.com
Wed Jan 19 00:46:32 EST 2005



--On Wednesday, 19 January 2005 15:18 +1100 Alan Milligan 
<alan at balclutha.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> I have a requirement to run a root uid Z2 process and was most surprised
> to see that line 334 of Zope/Startup/__init__.py expressly forbids this,
> throwing a ZConfig.ConfigurationError
>
> While it's not a good idea to configure Zope to run as root by default,
> isn't it completely fascist to disallow it altogether?  Similarly, I'd
> now expect issues if I chose to attach a Z2 to a low port.
>
> As far as I'm concerned, the account policy (and port too) is clearly
> defined by directives in zope.conf and should be honoured - clearly
> someone's consciously made these configuration changes and is thus fully
> accepting of their potential consequences.
>
> How about relaxing this requirement?


There is zero need to relax this requirement. You only have to start Zope as root
to get port 80, but it is in general not a good idea for *any* service to run
as root for security reasons. So there is absolutely no reason *not* to change
the uid of the process to a user with fewer permissions.

-aj
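
The sequence described in the reply above (start as root only to bind the low port, then change the uid), as an added example that is not part of the original messages and is not Zope's own code. The names `drop_privileges`, `bind_then_drop`, `StillRootError` and the `osmod` parameter are hypothetical.

```python
import os
import socket


class StillRootError(RuntimeError):
    """Raised when the process would keep serving with root privileges."""


def drop_privileges(uid, gid, osmod=os):
    """Permanently switch to uid/gid; order matters and the result is verified.

    osmod is a hypothetical injection point so the call order can be tested
    without root; in real use leave it as the os module.
    """
    if osmod.geteuid() != 0:
        return False                  # not started as root: nothing to drop
    if uid == 0 or gid == 0:
        raise StillRootError("target uid/gid must not be 0")
    osmod.setgroups([])               # 1. clear supplementary groups (needs root)
    osmod.setgid(gid)                 # 2. group first: after setuid this would fail
    osmod.setuid(uid)                 # 3. as root this sets real, effective, saved uid
    try:
        osmod.setuid(0)               # 4. regaining root must now be refused
    except OSError:
        return True
    raise StillRootError("privileges were not dropped permanently")


def bind_then_drop(host, port, uid, gid):
    """Bind the listening socket first (low ports need root), then drop."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((host, port))
    sock.listen(5)
    drop_privileges(uid, gid)
    if os.geteuid() == 0:             # final guard before any request is handled
        sock.close()
        raise StillRootError("refusing to serve requests as root")
    return sock
```

The socket stays usable after the drop because the privilege check for a low port happens at `bind()` time, not on later `accept()` calls.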

