[Zope] Ownership & permissions of var for Zope on port 80: Definitive answer?

Dieter Maurer dieter at handshake.de
Wed Sep 17 15:54:30 EDT 2003


Ian Beatty wrote at 2003-9-17 09:49 -0400:
 > ...
 > What I want is pretty simple: to have Zope (2.6.1, python 2.1.3)  run on
 > port 80 on a Red Hat 8 system. That's got to be pretty common, right? I've
 > got a startup script which runs as root, and launches Zope with the -u flag
 > to change the process owner to a user named 'zope'.
 > ...
 > Basically, I get one of two problems:
 > 
 > 1) If I set the owner of var and its contents to root, Zope launches just
 > fine, but if I try to pack the database through the ZMI, I get
 > permission-denied errors. My Plone site managers also start getting weird
 > permission-denied errors after a while, too.

This is to be expected.

 > 2) If I set the owner of var and its contents to the Zope user 'zope', Zope
 > silently fails on launch. If, however, I let Zope launch with root owning
 > var and then, after it's running, change the owner to 'zope', everything
 > works just fine. Until the next time Zope needs to restart, when it silently
 > fails. Ugh.

This looks like the bug, Chris fixed for Zope 2.7:

  Zope opens its log file at a time when it still runs as root.
  Later, when it has switched to the new user, it is no longer
  able to write logs.

Chris' fix: delay opening the log file until the user is switched.
 > 
 > I've tried setting var's owner to root and group to zope (the group that the
 > zope user belongs to), with g+w permission to var and its contents, but then
 > I still get permission-denied and 'Operation not permitted' errors when
 > packing the ODB.

Probably, your "umask" does not give write access for the group.
"umask" is used for all files which are newly created.


Dieter



More information about the Zope mailing list