[Zope] Uh, I think I goofed (running as root)

Shane Hathaway shane@digicool.com
Mon, 03 Jul 2000 17:41:28 -0400


Gary Shears wrote:
> > Also keep in mind that Zope does not run as "root", so if you are
> > running on a Unix-like system such as Linux, even if Zope were fully
> > compromised an intruder would still have to find a security hole in
> > something else before it's possible to write to arbitrary files.
> 
> I just checked the perms on zope, and it's owned by root. Started it, looked at
> the processes owned by root (ps -u root) and 'python' shows up, with the same
> PID as Z2.pid. Is there an easy way to fix this?
> Thanks in advance.

Run

ps -ef|grep python

or 

ps auxww|grep python

(depending on your system; the latter is preferred).  Zope usually runs
two processes: a process manager and the real server.  The process
manager runs as root and the real server, which actually handles the
connections and talks to the file system, has many threads.  So, if
configured correctly, you should see one python process running as root
and several others running as nobody (or whatever you configured the
user to be).  The process manager just restarts the real server
automatically when it dies.

Shane
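
The check described in the reply above, as an added example that is not part of the original message: it reads `ps auxww` output and reports whether the python processes match the layout the reply calls correct (one owned by root, the rest unprivileged). The function name, verdict labels and sample lines are constructed for illustration, and the Linux procps column order (COMMAND starting at field 11) is assumed.

```shell
#!/bin/sh
# Added example: classify python processes in `ps auxww` output by owner.
# Assumes Linux procps column order (USER first, COMMAND starting at field 11).
check_python_owners() {
    awk '
        $1 == "USER" && $2 == "PID" { next }      # header row
        {
            n = split($11, path, "/")             # basename of the executable
            if (path[n] !~ /^python/) next        # also skips the "grep python" line
            if ($1 == "root") root++; else other++
        }
        END {
            if (root + other == 0)            v = "NO_PYTHON"
            else if (root == 1 && other > 0)  v = "EXPECTED"   # one root process, rest unprivileged
            else if (root > 0 && other == 0)  v = "ALL_ROOT"   # no python process runs unprivileged
            else                              v = "REVIEW"     # any other mix: inspect by hand
            printf "%s root=%d other=%d\n", v, root, other
        }'
}

# Constructed sample output (PIDs, users, paths and times are made up).
SAMPLE_GOOD='USER       PID %CPU %MEM   VSZ  RSS TTY   STAT START TIME COMMAND
root       812  0.0  1.1  5120 3004 ?     S    17:30 0:00 /usr/bin/python /usr/local/zope/z2.py
nobody     813  0.2  4.0 14200 9800 ?     S    17:30 0:03 /usr/bin/python /usr/local/zope/z2.py
nobody     815  0.0  4.0 14200 9800 ?     S    17:30 0:00 /usr/bin/python /usr/local/zope/z2.py
gary       901  0.0  0.1  1360  480 pts/0 S    17:41 0:00 grep python'

SAMPLE_ALL_ROOT='USER       PID %CPU %MEM   VSZ  RSS TTY   STAT START TIME COMMAND
root       812  0.0  1.1  5120 3004 ?     S    17:30 0:00 /usr/bin/python /usr/local/zope/z2.py
root       813  0.2  4.0 14200 9800 ?     S    17:30 0:03 /usr/bin/python /usr/local/zope/z2.py
root       901  0.0  0.1  1360  480 pts/0 S    17:41 0:00 grep python'

printf '%s\n' "$SAMPLE_GOOD" | check_python_owners
printf '%s\n' "$SAMPLE_ALL_ROOT" | check_python_owners
# Live use: ps auxww | check_python_owners
```

Matching on the basename of the executable rather than grepping the whole line keeps the `grep python` process itself out of the count.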