[Zope-dev] root ZServer
lists at andreas-jung.com
Wed Jan 19 00:46:32 EST 2005
--On Mittwoch, 19. Januar 2005 15:18 Uhr +1100 Alan Milligan
<alan at balclutha.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> I have a requirement to run a root uid Z2 process and was most surprised
> to see that line 334 of Zope/Startup/__init__.py expressly forbids this,
> throwing a ZConfig.ConfigurationError
> While it's not a good idea to configure Zope to run as root by default,
> isn't it completely fascist to disallow it altogether? Similarly, I'd
> now expect issues if I chose to attach a Z2 to a low port.
> As far as I'm concerned, the account policy (and port too) is clearly
> defined by directives in zope.conf and should be honoured - clearly
> someone's consciously made these configuration changes and is thus fully
> accepting of their potential consequences.
> How about relaxing this requirement?
There is zero need to relax this requirement. You only have to start Zope
to get port 80 but it is in general not a good idea for *any* service to run
as root for security reasons. So there is absolutely no reason to *not*
the the uid of the process to a user with less permissions.
More information about the Zope-Dev