[Zope] Re: Zope-2.0.1 RPMs: Recommend permission change on /var/zope/access ...

Jeff Rush Jeff Rush" <jrush@timecastle.net
Fri, 29 Oct 99 02:02:47 -0500


Hi Bryan,

On Thu, 28 Oct 1999 23:48:42 -0400, Bryan J. Smith wrote:

>Zope-2.0.1 RPMs:  Recommend permission change on /var/zope/access
>...
>
>Mine installs with 0644 on /var/zope/access.
>Since the "superuser" password is clear-text, I would recommend 0600
>instead.

I'll take a look at that again.  I looked originally and had some trouble re
Zope runs as user nobody and access is owned by root.  And I -think-
when I tried to make access owned by nobody, other things broke.
Maybe I'll try user nobody, group root or vice versa.  I do see your
point though.


>When ZServer is installed as the publishing service, the
>/var/zope/zserver_wo_pcgi.sh file is commented with the following:
<snip>
>I am looking at Zope from a performance issue.  Do I installed both
>ZServer and PCGI RPMs to get this functionality, or which one?  I
>couldn't find any .[p]cgi file when I installed ZServer, although I
>haven't check all the directories yet.

Zope v2.0.x -always- runs the ZServer portion, which is based
on Medusa, a Python extension module.  ZServer is a non-blocking
protocol server that listens on HTTP, FTP, PCGI, Python Monitor
and File I/O ports/events and then invokes the correct portions of
Zope to handle requests.

So when you install the Zope-pcgi RPM, you get ZServer with
a configuration file set to listen to the PCGI Unix pipe, and if you
install the Zope-zserver RPM, you get a configuration file to
listen to the HTTP TCP/IP port.  But you can alter that config
file (/var/zope/zserver.sh) to listen to any mix of ports/event.

>If I come through the PCGI interface, how do I tell it to use
>ZServer for increased performance?  Or is this automatic if ZServer
>is running?

It automatically uses ZServer and if you should enable both the
HTTP port and the PCGI pipe, then you will be able to access
your site via both mechanisms, with the HTTP port being the
faster method, and the PCGI pipe coming from Apache, which
has already read the user's HTTP request and spawned a
CGI process to handle it (/usr/bin/pcgi-wrapper), with that
process then writing the request and env vars into the Unix
pipe which ZServer then reads from and handles the request.

It's -that- extra overhead that you eliminate by going direct to
ZServer via the HTTP port, but in trade, you give up (a) the
ability to serve static files from your filesystem, (b) Apache's
logging facility of hits and such, and (c) any ability to run the
SSL secure socket protocol for e-commerce.

I hope this makes sense... <grin>

-Jeff Rush

>Thanx in advance ...
>-- Bryan "TheBS" Smith