[Setup] buildout install not as a root user on Linux
jcfinet
jc.finet at laposte.net
Fri Nov 30 16:07:58 UTC 2007
I 've created a normal user "toto" and install the product with it , then
launch the bin/instance fg as root;
I tried 2 case:
1) put the effective user toto in the zope.conf and no such a line in
buidout, it works;
2) or put it in the buildout and no in the zope.conf, it doesn't work very
well;
so I'm a bit confusing with 'who' and 'where' to put it;
(for the moment it's a development machine but it'll be a production machine
in a few months;)
[instance]
recipe = plone.recipe.zope2instance
zope2-location = ${zope2:location}
user = user_name:passwd
# effective-user = plone or plone or toto ? and is it necessary to put this
line here ?
http-address = (port number)
debug-mode = on
verbose-security = on
Larry Pitcher-5 wrote:
>
> jcfinet wrote:
>> So I answer to mine ;) but not completely;
>>
>> I've created a normal user in order to install a Plone buildout in its
>> home/(username folder)... and now I try to launch "bin/instance fg" as
>> root
>> but an error occurs : "a user was not specified to setuid:fix to start as
>> root (change the effective directive in zope.conf); but in zope.conf,
>> there
>> is no such a directive
>>
>> I thought root had all permission ? Is tit necessary to add this or to
>> use
>> chown command ?
>>
>> JC
>>
>>
>> jcfinet wrote:
>>> (I 've started on general question forum -thanks to Yuri -but it's
>>> better
>>> here)
>>>
>>> I want to install correctly a Plone site on a Linux Debian and I use
>>> buildout;
>>>
>>> at first it didn't work well,the filestorage was empty (no data.fs
>>> created) until I add an effective-user in zope.conf; this user was
>>> created, I suppose, by the person who installed the linux debian.
>>> But even in that case the ZMI is not visible, the ping and telnet
>>> command
>>> works well yet !
>>>
>>> The other solution would be to make install not as a root but as a
>>> "normal
>>> user", and after that, starting the zope instance as a root;
>>> but why to do that and how to do that if the normal user has not the
>>> rights of a root ? If I add a new user, where have I to create the
>>> plone3
>>> buildout...and so on ?
>>> thanks
>>>
>>> JC Finet
>>>
>>
> It's dangerous to run server processes as root, so the system complains.
> You can put in a "effective-user = zope" line in your buildout.cfg file
> (I think it goes in the [instance] section). Make the user match the one
> you installed your buildout with. Or, you can just run ./bin/instance fg
> as the user you installed buildout with.
>
> If you're just testing things out this is all very easy to do in your
> home directory, as Martin recommends. If this is a production machine,
> you should run the server process as a user like "zope" or "plone" so it
> will be easy to recognize, and this user should not have extra
> privileges that could be exploited if the server process is compromised.
>
> HTH,
>
> --
> Larry Pitcher
> Catapult Solutions
>
> Email: larry.pitcher at gmail.com
> Skype: larry.pitcher
> Phone: 509.849.2660
>
> _______________________________________________
> Setup mailing list
> Setup at lists.plone.org
> http://lists.plone.org/mailman/listinfo/setup
>
>
--
View this message in context: http://www.nabble.com/buildout-install-not-as-a-root-user-on-Linux-tf4885438s15482.html#a14042414
Sent from the Installation, Setup, Upgrades mailing list archive at Nabble.com.
More information about the Setup
mailing list