[Setup] buildout install not as a root user on Linux

Fri Nov 30 16:07:58 UTC 2007

I 've created a normal user "toto" and install the product with it , then
launch the bin/instance fg as root;

I tried 2 case:

1) put the effective user toto in the zope.conf and no such a line in
buidout, it works;

2) or put it in the buildout and no in the zope.conf, it doesn't work very
well;

so I'm a bit confusing with 'who' and 'where' to put it;

(for the moment it's a development machine but it'll be a production machine
in a few months;)

[instance]
recipe = plone.recipe.zope2instance
zope2-location = ${zope2:location}
user = user_name:passwd

# effective-user = plone or plone or toto ? and is it necessary to put this
line here ?

http-address = (port number)
debug-mode = on
verbose-security = on

Larry Pitcher-5 wrote:
> 
> jcfinet wrote:
>> So I answer to mine ;) but not completely;
>> 
>> I've created a normal user in order to install a Plone buildout in its
>> home/(username folder)... and now I try to launch "bin/instance fg" as
>> root
>> but an error occurs : "a user was not specified to setuid:fix to start as
>> root (change the effective directive in zope.conf); but in zope.conf,
>> there
>> is no such a directive
>> 
>> I thought root had all permission ? Is tit necessary to add this or to
>> use
>> chown command ?
>> 
>> JC
>> 
>> 
>> jcfinet wrote:
>>> (I 've started on general question forum  -thanks to Yuri -but it's
>>> better
>>> here)
>>>
>>> I want to install correctly a Plone site on a Linux Debian and I use
>>> buildout;
>>>
>>> at first it didn't work well,the filestorage was empty (no data.fs
>>> created) until I add an effective-user in zope.conf; this user was
>>> created, I suppose, by the person who installed the linux debian.
>>> But even in that case the ZMI is not visible, the ping and telnet
>>> command
>>> works well yet !
>>>
>>> The other solution would be to make install not as a root but as a
>>> "normal
>>> user", and after that, starting  the zope instance as a root;
>>> but why to do that and how to do that if the normal user has not the
>>> rights of a root ? If I add a new user, where have I to create the
>>> plone3
>>> buildout...and so on ?
>>> thanks
>>>
>>> JC Finet 
>>>
>> 
> It's dangerous to run server processes as root, so the system complains. 
> You can put in a "effective-user = zope" line in your buildout.cfg file 
> (I think it goes in the [instance] section). Make the user match the one 
> you installed your buildout with. Or, you can just run ./bin/instance fg 
> as the user you installed buildout with.
> 
> If you're just testing things out this is all very easy to do in your 
> home directory, as Martin recommends. If this is a production machine, 
> you should run the server process as a user like "zope" or "plone" so it 
> will be easy to recognize, and this user should not have extra 
> privileges that could be exploited if the server process is compromised.
> 
> HTH,
> 
> -- 
> Larry Pitcher
> Catapult Solutions
> 
> Email: larry.pitcher at gmail.com
> Skype: larry.pitcher
> Phone: 509.849.2660
> 
> _______________________________________________
> Setup mailing list
> Setup at lists.plone.org
> http://lists.plone.org/mailman/listinfo/setup
> 
> 

-- 
View this message in context: http://www.nabble.com/buildout-install-not-as-a-root-user-on-Linux-tf4885438s15482.html#a14042414
Sent from the Installation, Setup, Upgrades mailing list archive at Nabble.com.