[Zope-Checkins] SVN: Zope/trunk/doc/ SETUID reSTified

Andreas Jung andreas at andreas-jung.com
Fri Feb 20 10:32:41 EST 2009


Log message for revision 96829:
  SETUID reSTified
  

Changed:
  U   Zope/trunk/doc/SETUID.txt
  U   Zope/trunk/doc/index.txt

-=-
Modified: Zope/trunk/doc/SETUID.txt
===================================================================
--- Zope/trunk/doc/SETUID.txt	2009-02-20 15:29:53 UTC (rev 96828)
+++ Zope/trunk/doc/SETUID.txt	2009-02-20 15:32:40 UTC (rev 96829)
@@ -1,29 +1,30 @@
 Zope effective user support
+===========================
 
-  Zope can bind its network service to low ports such as 21 (FTP) and
-  80 (HTTP).  In order to bind to low ports, Zope must be started as
-  the root user.  However, Zope will only run as root long enough to
-  bind to these low ports.  It will then attempt to setuid to a less
-  privileged user.
+Zope can bind its network service to low ports such as 21 (FTP) and
+80 (HTTP).  In order to bind to low ports, Zope must be started as
+the root user.  However, Zope will only run as root long enough to
+bind to these low ports.  It will then attempt to setuid to a less
+privileged user.
 
-  You must specify the user to which Zope will attempt to setuid by
-  changing the 'effective-user' parameter in the zope.conf
-  configuration file to an existing username or UID.  All runtime
-  files will be written as this user.  If you do not specify an
-  'effective-user' in the configuration file, and you attempt to start
-  Zope, it will refuse to start.
+You must specify the user to which Zope will attempt to setuid by
+changing the 'effective-user' parameter in the zope.conf
+configuration file to an existing username or UID.  All runtime
+files will be written as this user.  If you do not specify an
+'effective-user' in the configuration file, and you attempt to start
+Zope, it will refuse to start.
 
-  Zope additionally emits a warning if you specify 'nobody' as the
-  'effective-user'.  The rationale for this warning stems from the
-  fact that, historically, many other UNIX services dropped privileges
-  to the 'nobody' account after starting as root.  Any security
-  defects in these services could cause someone to gain access as the
-  'nobody' account on your system.  If someone was to gain control of
-  your 'nobody' account they could compromise your Zope files.
+Zope additionally emits a warning if you specify 'nobody' as the
+'effective-user'.  The rationale for this warning stems from the
+fact that, historically, many other UNIX services dropped privileges
+to the 'nobody' account after starting as root.  Any security
+defects in these services could cause someone to gain access as the
+'nobody' account on your system.  If someone was to gain control of
+your 'nobody' account they could compromise your Zope files.
 
-  The most important thing to remember about effective user support is
-  that you don't have to start Zope as root unless you want to listen
-  for requests on low ports (ports beneath 1024).  In fact, if you
-  don't have this need, you are much better off just starting Zope
-  under a dedicated user account.
+The most important thing to remember about effective user support is
+that you don't have to start Zope as root unless you want to listen
+for requests on low ports (ports beneath 1024).  In fact, if you
+don't have this need, you are much better off just starting Zope
+under a dedicated user account.
 
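Review bot: In the second and third added paragraphs, 'effective-user' and 'nobody' are still in single quotes and zope.conf is bare, which reST renders as ordinary text. Since this change is the reST conversion, mark them as inline literals (``effective-user``, ``nobody``, ``zope.conf``). Separately, the first paragraph says Zope "will then attempt to setuid" but nothing in the text states what happens if that attempt fails. A sentence saying whether Zope aborts or keeps running as root would close that gap for operators.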

Modified: Zope/trunk/doc/index.txt
===================================================================
--- Zope/trunk/doc/index.txt	2009-02-20 15:29:53 UTC (rev 96828)
+++ Zope/trunk/doc/index.txt	2009-02-20 15:32:40 UTC (rev 96829)
@@ -13,6 +13,7 @@
    CHANGES.txt
    INSTALL.txt
    ZOPE3.txt
+   SETUID.txt
 
 Indices and tables
 ==================
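Review bot: The new SETUID.txt entry is appended after ZOPE3.txt, at the end of the list. Because the document covers starting Zope as root and dropping privileges, consider placing it directly after INSTALL.txt so readers meet it next to the installation instructions. The entry also appears under its file name only, while the document's title is "Zope effective user support", so check that the rendered index shows the title.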


