[Zope-dev] root ZServer

zope at bturtle.ch zope at bturtle.ch
Wed Jan 19 04:02:19 EST 2005


On Wed, Jan 19, 2005 at 05:04:53PM +1100, Alan Milligan wrote:
> Andreas Jung wrote:
> 
> | There is zero need to relax this requirement. You only have to start
> | Zope as root
> I just explained you cannot start as root ...
> 
> | to get port 80 but it is in general not a good idea for *any* service to
> | run
> | as root for security reasons. So there is absolutely no reason to *not*
> | changing
> | the uid of the process to a user with less permissions.
> Says you!!
> 
> I happen to be using zope to wrap a number of excellent Python rpm
> packaging scripts/modules (eg yum, mach), and as part of this process,
> need to do rpm package installs from the zope server which obviously
> requires root access.

You can solve this problem by using sudo. Make an external method that
executes sudo with the commands you want (you have to use the NOPASSWD
option to prevent sudo from asking for a password). This gives you both:
zope running as a non-privileged user and your rpm commands running as root.

regards

Stefan

> 
> I see no reason why I should be penalised for using the excellent
> workflow features of Zope in a system programming environment.
> 
> If Zope is to be useful to the widest cross community, we really MUST
> stop this 'we know best' attitude and allow people at the coalface to
> override default behaviour as only they are in a position to evaluate
> the appropriateness of the 'security reasons'.
> 
> How about a 'yes' response this time.
> 
> Alan

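The sudo approach from the reply above, as an added example that is not part of the original thread: an External Method body that runs one fixed command through `sudo -n` without a shell. The spool directory, the wrapper script path and the sudoers rule are assumptions made for illustration.

```python
import os
import re
import subprocess

# Assumed names, not from the thread: the spool directory, the wrapper path and
# this sudoers rule (edit with visudo):
#   zope ALL=(root) NOPASSWD: /usr/local/sbin/zope-rpm-install
# sudo passes any arguments to a command listed without arguments, so the
# root-owned wrapper has to repeat the path check done here.
SPOOL_DIR = "/var/spool/zope-rpms"
WRAPPER = "/usr/local/sbin/zope-rpm-install"
SUDO = "/usr/bin/sudo"

# File name only: no slashes, no leading '-' or '.', must end in .rpm.
_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._+-]*\.rpm")


def build_argv(package_name):
    """Return the fixed sudo command line for one package file in SPOOL_DIR."""
    if not isinstance(package_name, str) or not _NAME_RE.fullmatch(package_name):
        raise ValueError("package name not allowed: %r" % (package_name,))
    path = os.path.join(SPOOL_DIR, package_name)
    # -n: fail instead of prompting if the NOPASSWD rule does not match.
    return [SUDO, "-n", WRAPPER, path]


def install_rpm(package_name, runner=subprocess.run):
    """Run the wrapper as root via sudo; Zope itself stays unprivileged."""
    argv = build_argv(package_name)
    # argv list and no shell: web input is never parsed by a shell.
    result = runner(
        argv,
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
        timeout=300,
        env={"PATH": "/usr/sbin:/usr/bin:/sbin:/bin"},
    )
    return result.returncode, result.stdout.decode("utf-8", "replace")
```
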
