Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Z
Zope
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
Zope
Commits
0d230940
Commit
0d230940
authored
Jul 20, 2003
by
Chris McDonough
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Update for 2.7.
parent
96f70233
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
32 additions
and
42 deletions
+32
-42
doc/SETUID.txt
doc/SETUID.txt
+24
-25
doc/SIGNALS.txt
doc/SIGNALS.txt
+8
-17
No files found.
doc/SETUID.txt
View file @
0d230940
Z
Server 'setuid()'
support
Z
ope effective user
support
Z
Server (Zope's server) supports 'setuid()' on POSIX systems in order to
be able to listen on low ports such as 21 (FTP) and 80 (HTTP) but drop
root privileges when running; on most POSIX systems only the 'root' user
can do this. Versions of Zope prior to 2.6 had less robust version
s
of this support. Several problems were corrected for the 2.6 release
.
Z
ope can bind its network service to low ports such as 21 (FTP) and
80 (HTTP). In order to bind to low ports, Zope must be started as
the root user. However, Zope will only run as root long enough to
bind to these low ports. It will then attempt to setuid to a les
s
privileged user
.
The most important thing to remember about this support is that you
don't *have* to start ZServer as root unless you want to listen for
requests on low ports. In fact, if you don't have this need, you ar
e
much better off just starting ZServer as a user account dedicated to
running Zope. 'nobody' is not a good idea for this user account;
see below
.
You must specify the user to which Zope will attempt to setuid by
changing the 'effective-user' parameter in the zope.conf
configuration file to an existing username or UID. All runtim
e
files will be written as this user. If you do not specify an
'effective-user' in the configuration file, and you attempt to start
Zope, it will refuse to start
.
If you do need to have ZServer listening on low ports, you will need to
start 'z2.py' as the 'root' user, and also specify what user ZServer
should 'setuid()' to. Do this by specifying the '-u' option followed
by a username or UID, either in the 'start' script or on the 'z2.py'
command line. The default used to be 'nobody'; however if any other
daemon on a system that ran as 'nobody' was compromised, this would
have opened up your Zope object data to compromise
.
Zope additionally emits a warning if you specify 'nobody' as the
'effective-user'. The rationale for this warning stems from the
fact that, historically, many other UNIX services dropped privileges
to the 'nobody' account after starting as root. Any security
defects in these services could cause someone to gain access as the
'nobody' account on your system. If someone was to gain control of
your 'nobody' account they could compromise your Zope files
.
You must also make sure the var directory is owned by root, and that
it has the sticky bit set. This is done by the command 'chmod o+t
var' on most systems. When the sticky bit is set on a directory,
anyone can write files, but nobody can delete others' files in order
to rewrite them. This is necessary to keep others from overwriting
the PID file, tricking root into killing processes when 'stop' is run.
The most important thing to remember about effective user support is
that you don't have to start Zope as root unless you want to listen
for requests on low ports (ports beneath 1024). In fact, if you
don't have this need, you are much better off just starting Zope
under a dedicated user account.
doc/SIGNALS.txt
View file @
0d230940
...
...
@@ -4,32 +4,23 @@ Signals (POSIX only)
If you are using Windows then this documentation does not apply.
Zope responds to signals which are sent to the process id
specified in the file '
ZOP
E_HOME/var/Z2.pid'::
specified in the file '
$INSTANC
E_HOME/var/Z2.pid'::
SIGHUP - close open database connections, then restart the server
process.
The common
idiom for restarting a Zope server is:
process.
A
idiom for restarting a Zope server is:
kill -HUP `cat
ZOP
E_HOME/var/z2.pid`
kill -HUP `cat
$INSTANC
E_HOME/var/z2.pid`
SIGTERM - close open database connections then shut down.
The
common
SIGTERM - close open database connections then shut down.
A
common
idiom for shutting down Zope is:
kill -TERM `cat
ZOP
E_HOME/var/Z2.pid`
kill -TERM `cat
$INSTANC
E_HOME/var/Z2.pid`
SIGINT - same as SIGTERM
SIGUSR2 - close and re-open all Zope log files (z2.log, event log,
detailed log.)
The
common idiom after rotating Zope log files
detailed log.)
A
common idiom after rotating Zope log files
is:
kill -USR2 `cat ZOPE_HOME var/z2.pid`
The process id written to the 'z2.pid' file depends on whether Zope
is run under the 'zdaemon' management process. If Zope is run under
a management process (as it is by default) then the pid of the
management process is recorded here. Relevant signals sent to the
management process are forwarded on to the server process.
Specifically, it forwards all those signals listed above, plus
SIGQUIT and SIGUSR1. If Zope is not using a management process (-Z0
on the z2.py command line), the server process records its own pid
into 'z2.pid', but all signals work the same way.
kill -USR2 `cat $INSTANCE_HOME/var/z2.pid`
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
