[Zope] Re: Suggestions for improvinghttp://www.zope.org/Members/mcdonc/HowTos/zopeinstall/ZOPE-INSTALL-HOWTO

Chris McDonough chrism@zope.com
Wed, 13 Mar 2002 11:38:39 -0500


Excellent, thanks so much Doug.  I'll roll these suggestions in to the next
release.


----- Original Message -----
From: "Douglas Carnall" <dougie@carnall.org>
To: <chrism@zope.com>
Cc: "Zope List" <zope@zope.org>
Sent: Wednesday, March 13, 2002 11:27 AM
Subject: Suggestions for
improvinghttp://www.zope.org/Members/mcdonc/HowTos/zopeinstall/ZOPE-INSTALL-
HOWTO


> Chris,
>
> What with all the activity on the list in the last week about the quality
of
> documentation, I'd thought I'd better try to deliver on my promise to send
> you feedback. I'd hoped to send you something more polished, but best not
to
> let the best be the enemy of the good I always think. Anyway, the
following
> comments relate to my experience of installing Zope using your fine
> document:
>
> http://www.zope.org/Members/mcdonc/HowTos/zopeinstall/ZOPE-INSTALL-HOWTO
>
> 1) A bit out of date: refers to "the as yet mythical 2.2.5" for example
(we
> are now 2.5.0, no?)
>
>
> 2) A couple of minor typo-like errors
>
>
> All this futzing with security is important because we're going to start
> Zope as the root user. When Zope is started as root, it executes programs
> kept in the Zope directory as the root user before it switches user
context
> to the nobody user. If these program files are modifiable by arbitrary
> users, ***you [could] [be] [are] compromising the security of your
> system.*** We've limited our risk by allowing only three trusted users to
> access the Zope holding directory and anything kept within it. Giving
> arbitrary write access to the holding directory or the Zope directory and
> files within is a Bad Idea.
>
> ***pick one
>
> =====
> =====
>
> There, I did it. I've got a holding directory named "/usr/local/zope"
that's
> owned by the "nobody" user. It's also group-owned by the "mcdonc" group,
> whose only member is my user account "mcdonc".
>
> 3) Educational suggestions
>
> Could add:
>
> If you don't already have such a group on your system, you need to set one
> up as follows
>
> dougie@carnall:/usr/local/zope$ su
> Password:
> dougie@carnall:/usr/local/zope#
> root@carnall:/usr/local/zope# usermod -G users,dougie dougie
>
> This adds the user dougie to two groups, users and dougie.
>
>
> *****
>
> *****
>
> Further reading/additional knowledge.
>
> Understanding unix permissions is vital to successfully installing zope.
You
> may need to brush up by reading the man pages of the following commands:
>
> chmod/chgrp/useradd/groupadd/usermod/groupmod
>
> (It was setting up the groups that I had not done before)
>
> dougie@carnall:/usr/local/zope$ man usermod
>
> and so on
>
> This is a nice introductory page:
>
> http://www.perlfect.com/articles/chmod.shtml
>
> I'd also recommend
>
> Pfaffenberger B. Linux Command Instant Reference. Almeda CA: Sybex, 2000.
>
> though O'Reilly has just put up this nice page here:
>
> http://www.oreillynet.com/linux/cmd/
>
> *****
> *****
>
> If you are having trouble with your install have a look at these related
> webpages:
>
> start with:
>
> http://www.zope.org/Members/jens/docs/newbie_caveats
>
> I made a mini-link-o-paedia for someone on the list a while back:
>
> http://www.carnall.demon.co.uk/install_zope.html
>
> Scavenge at will.
>
> ******
> ******
>
> Might be useful to reassure people of the distro independence of Zope, and
> the various versions of python problem. (see
> http://lists.zope.org/pipermail/zope/2002-February/108708.html et seq)
>
> Hope this is helpful
>
> D.
>
> --
> Douglas Carnall
>
> tel:+44 (0)20 7241 1255
> fax:08700 557879
> mob:07900 212881
> http://www.carnall.org/
> dougie@carnall.org
>
>