[Zope] unix security patch

Dunigan, Craig craig.dunigan@esker.com
Wed, 3 Apr 2002 09:12:55 -0600


Toby's point still applies.  In order to run on a privileged port, zope must
be started as root.  I have another question for you, though.  Are you sure
you installed zope with the -u switch to tell it that you would be running
it as a non-privileged user?  Something like './install -u zope -g
zopegroup' for the binary version?  That could account for what you're
seeing.  Even so, it still must be started as root in order to use port 80.
There's just no way around that.

> -----Original Message-----
> From: notices name [mailto:notices@fiberfolk.com]
> Sent: Wednesday, April 03, 2002 5:43 AM
> To: tdickenson@geminidataloggers.com; notices@fiberfolk.com
> Cc: zope@zope.org
> Subject: Re: [Zope] unix security patch
> 
> 
> I believe I want -u zope because I don't have Apache, zope is 
> the web server. 
> So zope has to serve on port 80. Thanks,
> Annie 
> 
> --- Toby Dickenson <tdickenson@devmail.geminidataloggers.co.uk> wrote:
> >On Tue, 2 Apr 2002 09:43:42 -0800 (PST), notices name
> ><notices@fiberfolk.com> wrote:
> >
> >>and then I edited start to add -u zope
> >
> >that means zope is going to *change* to the new user. It can only do
> >that if started as root. This is a little more difficult to set up,
> >but necessary if (and only if) you want zope to listen on a low
> >numbered port (80, 21, etc)
> >
> >An alternative is to change to that new user before starting zope.
> >Then you dont need any -u switch, but you have to use a high numbered
> >port (such as 8080)
> >
> >
> >
> >Toby Dickenson
> >tdickenson@geminidataloggers.com
> 
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
>