[Setup] buildout install not as a root user on Linux

Larry Pitcher unclelarry at inlandnet.com
Thu Nov 29 17:45:24 UTC 2007 

jcfinet wrote:
> So I answer to mine ;) but not completely;
> 
> I've created a normal user in order to install a Plone buildout in its
> home/(username folder)... and now I try to launch "bin/instance fg" as root
> but an error occurs : "a user was not specified to setuid:fix to start as
> root (change the effective directive in zope.conf); but in zope.conf, there
> is no such a directive
> 
> I thought root had all permission ? Is tit necessary to add this or to use
> chown command ?
> 
> JC
> 
> 
> jcfinet wrote:
>> (I 've started on general question forum  -thanks to Yuri -but it's better
>> here)
>>
>> I want to install correctly a Plone site on a Linux Debian and I use
>> buildout;
>>
>> at first it didn't work well,the filestorage was empty (no data.fs
>> created) until I add an effective-user in zope.conf; this user was
>> created, I suppose, by the person who installed the linux debian.
>> But even in that case the ZMI is not visible, the ping and telnet command
>> works well yet !
>>
>> The other solution would be to make install not as a root but as a "normal
>> user", and after that, starting  the zope instance as a root;
>> but why to do that and how to do that if the normal user has not the
>> rights of a root ? If I add a new user, where have I to create the plone3
>> buildout...and so on ?
>> thanks
>>
>> JC Finet 
>>
> 
It's dangerous to run server processes as root, so the system complains. 
You can put in a "effective-user = zope" line in your buildout.cfg file 
(I think it goes in the [instance] section). Make the user match the one 
you installed your buildout with. Or, you can just run ./bin/instance fg 
as the user you installed buildout with.

If you're just testing things out this is all very easy to do in your 
home directory, as Martin recommends. If this is a production machine, 
you should run the server process as a user like "zope" or "plone" so it 
will be easy to recognize, and this user should not have extra 
privileges that could be exploited if the server process is compromised.

HTH,

-- 
Larry Pitcher
Catapult Solutions

Email: larry.pitcher at gmail.com
Skype: larry.pitcher
Phone: 509.849.2660

More information about the Setup mailing list