[Zope-Checkins] CVS: Zope/doc - SETUID.txt:1.1.2.1

Matt Behrens matt@zigg.com
Fri, 9 Aug 2002 12:40:37 -0400


Update of /cvs-repository/Zope/doc
In directory cvs.zope.org:/tmp/cvs-serv21936/doc

Added Files:
      Tag: Zope-2_7-development-branch
	SETUID.txt 
Log Message:
merge setuid() doco from HEAD


=== Added File Zope/doc/SETUID.txt ===
ZServer 'setuid()' support

  ZServer (Zope's server) supports 'setuid()' on POSIX systems in order to
  be able to listen on low ports such as 21 (FTP) and 80 (HTTP) but drop
  root privileges when running; on most POSIX systems only the 'root' user
  can do this.  Versions of Zope prior to 2.6 had less robust versions
  of this support.  Several problems were corrected for the 2.6 release.

  The most important thing to remember about this support is that you
  don't *have* to start ZServer as root unless you want to listen for
  requests on low ports.  In fact, if you don't have this need, you are
  much better off just starting ZServer as a user account dedicated to
  running Zope.  'nobody' is not a good idea for this user account;
  see below.

  If you do need to have ZServer listening on low ports, you will need to
  start 'z2.py' as the 'root' user, and also specify what user ZServer
  should 'setuid()' to.  Do this by specifying the '-u' option followed
  by a username or UID, either in the 'start' script or on the 'z2.py'
  command line.  The default used to be 'nobody'; however if any other
  daemon on a system that ran as 'nobody' was compromised, this would
  have opened up your Zope object data to compromise.

  You must also make sure the var directory is owned by root, and that
  it has the sticky bit set.  This is done by the command 'chmod o+t
  var' on most systems.  When the sticky bit is set on a directory,
  anyone can write files, but nobody can delete others' files in order
  to rewrite them.  This is necessary to keep others from overwriting
  the PID file, tricking root into killing processes when 'stop' is run.
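
Review bot: In the last paragraph, the 'chmod o+t var' step is described as "anyone can write files", but the sticky bit only stops users from deleting or renaming files they do not own. Write access comes from the directory's ordinary permission bits, which the text never states. With var owned by root, the document should give the full mode the directory needs so that the user named with '-u' can still create its files there, and should say plainly if that means making var world-writable. Separately, in the first paragraph "only the 'root' user can do this" follows "drop root privileges when running", so "this" reads as the privilege drop. Suggest rewording to say that only root can bind to low ports.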