Commit e763f3bf authored by Andreas Jung's avatar Andreas Jung

SETUID reSTified

parent ab2c716f
Zope effective user support
===========================
Zope can bind its network service to low ports such as 21 (FTP) and
80 (HTTP). In order to bind to low ports, Zope must be started as
the root user. However, Zope will only run as root long enough to
bind to these low ports. It will then attempt to setuid to a less
privileged user.
Zope can bind its network service to low ports such as 21 (FTP) and
80 (HTTP). In order to bind to low ports, Zope must be started as
the root user. However, Zope will only run as root long enough to
bind to these low ports. It will then attempt to setuid to a less
privileged user.
You must specify the user to which Zope will attempt to setuid by
changing the 'effective-user' parameter in the zope.conf
configuration file to an existing username or UID. All runtime
files will be written as this user. If you do not specify an
'effective-user' in the configuration file, and you attempt to start
Zope, it will refuse to start.
You must specify the user to which Zope will attempt to setuid by
changing the 'effective-user' parameter in the zope.conf
configuration file to an existing username or UID. All runtime
files will be written as this user. If you do not specify an
'effective-user' in the configuration file, and you attempt to start
Zope, it will refuse to start.
Zope additionally emits a warning if you specify 'nobody' as the
'effective-user'. The rationale for this warning stems from the
fact that, historically, many other UNIX services dropped privileges
to the 'nobody' account after starting as root. Any security
defects in these services could cause someone to gain access as the
'nobody' account on your system. If someone was to gain control of
your 'nobody' account they could compromise your Zope files.
Zope additionally emits a warning if you specify 'nobody' as the
'effective-user'. The rationale for this warning stems from the
fact that, historically, many other UNIX services dropped privileges
to the 'nobody' account after starting as root. Any security
defects in these services could cause someone to gain access as the
'nobody' account on your system. If someone was to gain control of
your 'nobody' account they could compromise your Zope files.
The most important thing to remember about effective user support is
that you don't have to start Zope as root unless you want to listen
for requests on low ports (ports beneath 1024). In fact, if you
don't have this need, you are much better off just starting Zope
under a dedicated user account.
The most important thing to remember about effective user support is
that you don't have to start Zope as root unless you want to listen
for requests on low ports (ports beneath 1024). In fact, if you
don't have this need, you are much better off just starting Zope
under a dedicated user account.
......@@ -13,6 +13,7 @@ Contents:
CHANGES.txt
INSTALL.txt
ZOPE3.txt
SETUID.txt
Indices and tables
==================
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment