document setuid() support, I have had a few questions on this...

ea80d43f · Matt Behrens · a61264dd · ea80d43f · ea80d43f
Commit ea80d43f authored Aug 09, 2002 by Matt Behrens
Hide whitespace changes
Inline Side-by-side

Showing with 34 additions and 2 deletions

doc/SETUID.txt doc/SETUID.txt +30 -0

z2.py z2.py +4 -2

No files found.
--- a/doc/SETUID.txt
+++ b/doc/SETUID.txt
+ZServer 'setuid()' support
+
+  ZServer (Zope's server) supports 'setuid()' on POSIX systems in order to
+  be able to listen on low ports such as 21 (FTP) and 80 (HTTP) but drop
+  root privileges when running; on most POSIX systems only the 'root' user
+  can do this.  Versions of Zope prior to 2.6 had less robust versions
+  of this support.  Several problems were corrected for the 2.6 release.
+
+  The most important thing to remember about this support is that you
+  don't *have* to start ZServer as root unless you want to listen for
+  requests on low ports.  In fact, if you don't have this need, you are
+  much better off just starting ZServer as a user account dedicated to
+  running Zope.  'nobody' is not a good idea for this user account;
+  see below.
+
+  If you do need to have ZServer listening on low ports, you will need to
+  start 'z2.py' as the 'root' user, and also specify what user ZServer
+  should 'setuid()' to.  Do this by specifying the '-u' option followed
+  by a username or UID, either in the 'start' script or on the 'z2.py'
+  command line.  The default used to be 'nobody'; however if any other
+  daemon on a system that ran as 'nobody' was compromised, this would
+  have opened up your Zope object data to compromise.
+
+  You must also make sure the var directory is owned by root, and that
+  it has the sticky bit set.  This is done by the command 'chmod o+t
+  var' on most systems.  When the sticky bit is set on a directory,
+  anyone can write files, but nobody can delete others' files in order
+  to rewrite them.  This is necessary to keep others from overwriting
+  the PID file, tricking root into killing processes when 'stop' is run.
+
--- a/z2.py
+++ b/z2.py
@@ -825,7 +825,8 @@ try:
                raise SystemExit, 'initgroups is required to safely setuid'
            if UID == None:
                raise SystemExit, ('A user was not specified to setuid '
-                                   'to; fix this to start as root')
+                                   'to; fix this to start as root (see '
+                                   'doc/SETUID.txt)')
            import stat
            client_home_stat = os.stat(CLIENT_HOME)
            client_home_faults = []
@@ -834,7 +835,8 @@ try:
            if client_home_stat[stat.ST_UID] != 0:
                client_home_faults.append('is not owned by root')
            if client_home_faults:
-                client_home_faults.append('fix this to start as root.')
+                client_home_faults.append('fix this to start as root (see '
+                                          'doc/SETUID.txt)')
                err = '%s %s' % (CLIENT_HOME, ', '.join(client_home_faults))
                raise SystemExit, err