[Zope] Proper zope install method + eventual use at port 80

Jim Penny jpenny at universal-fasteners.com
Wed Jul 21 18:16:49 EDT 2004


On Wed, 21 Jul 2004 12:55:59 -0700
"Steven Hodgen" <shodgen at solomonschool.com> wrote:

> I'm somewhat confused.  The default install location for Zope is /opt.
> In order to install here, you must do it via root.

Probably.  But installing and running are two different things!
(And there are other options, for example, as root, you could create a
zope directory, belonging to the zope installation user, whoever that
may be, and then install as that user.)
But you don't want the installation user and UID under which zope is
running to be the same.

If zope is installed as root, but run under user-id www-data, or user-id
zope, any security hole in zope would still make it hard for the
attacker to modify the zope programs.

> The only thing I've
> done as root, is 'sudo make install', since I must.  Now, the
> installation tutorial on 'plope.org', recommends doing it this way,
> although it is true that the INSTALL.txt file in doc/ does recommend
> not installing as root, but the default location would seem to
> indicate otherwise.  I've seen references to installing to /usr/local,
> and a user's /home.  Please understand that I'm not a linux expert.  I
> have, however, been a software engineer for years, since '80, but only
> recently have I started exploring linux.  At this point, the proper
> method for utilizing the linux directory hierarchy is a bit of a
> mystery.  All I know is that I want to install Zope in a way which is
> most consistent with the intent of Linux Filesystem Hierarchy
> "standard?", which is somewhat unclear as to where third party
> software should be installed. 
> It seems that /usr/local and /opt are
> valid locations, with /opt being, perhaps, primary.  

Either would be fine, don't get too hung up on FHS.  Distributions need
to, so that they interoperate reasonably well, but end sysadmins simply
need to do something that they understand, can document and remember.

> That being the
> case, /opt would seem a very reasonable place to put Zope, although
> based on this standard Zope's log files should be somewhere in
> /var/log, and its data files somewhere else in /var, since the data
> changes via ZMI?  

Again, reasonable, but not crucial.  As long as you know where it is,
and which files are writable by the "zope runner" userid, and which are
not, it does not really matter much.

> Please overlook what may be obvious ignorance. You
> may well feel that Installing and running Zope is not the best
> tutorial for a linux newbie, but that's how I learn everything.  I
> just jump in with both feet.  I want a secure system, and perhaps 8080
> is good for now, but I would want to be able to easily change to 80
> without having to reinstall Zope, etc.

Almost no one really needs or wants a zope running at port 80.  It is
considered a much safer practice to front the zope with apache or pound,
both of which can do a lot of cleanup before zope handles the request.

> 
> Based on some reading, I was under the impression that it was ok to
> run Zope as root, since it automatically lowered its user status to
> the one in zope.cfg after performing some root required
> initializations.

This may be true under really recent zopes.  But, it is not really
needed.  See above.

Jim Penny
> 
> Ok, I'm finished displaying my newbie status, at least for the moment.
>  :-)
> 
> Thanks for your help and patience.
> 
> --Steven
> 
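The reply above turns on knowing which files the "zope runner" userid can write and which it cannot. The following is an added example, not part of the original thread or of Zope: a small audit that walks an install tree and lists every path a given runtime user could modify. The function names are hypothetical, and it assumes plain Unix mode bits only (no ACLs or other access controls).

```python
import os
import stat
import sys


def write_reason(st, uid, gids):
    """Return why `uid` could modify the inode described by `st`, or None."""
    if uid == 0:
        return "root"
    if st.st_uid == uid:
        # Even without the owner write bit, the owner can chmod it back.
        return "owner"
    if st.st_gid in gids:
        # A group member is judged on the group bits only.
        return "group-writable" if st.st_mode & stat.S_IWGRP else None
    return "world-writable" if st.st_mode & stat.S_IWOTH else None


def audit_tree(root, uid, gids):
    """Map each path under `root` that `uid` could modify to the reason."""
    gids = frozenset(gids)
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    findings = {}
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode bits say nothing about write access
        reason = write_reason(st, uid, gids)
        if reason:
            findings[path] = reason
    return findings


if __name__ == "__main__":
    import pwd

    # usage: audit.py <install-dir> <runtime-user>
    tree, user = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    groups = os.getgrouplist(user, pw.pw_gid)
    for path, reason in sorted(audit_tree(tree, pw.pw_uid, groups).items()):
        print(f"{reason:15} {path}")
```

With the software installed as root and run as a separate user, the output should list only the data and log locations; a writable directory is reported as well, since it lets the user replace the files inside it.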