[Setup] Installation guide update - non-root recommendation

Daniel Tordable daniel at danieltordable.net
Wed Feb 6 15:19:29 UTC 2013


Been reading this stuff after trying to install Plone 4.3 in a FreeBSD box.
Tried it on a zeo installation like I did with 4.2 series but it failed
because something, IIRC a package that was not found within the .tgz of
that installer (something that is called  'precompiler').

I don't know how to install P4.3.
2013/2/6 Steve McMahon <steve at dcn.org>

> On Tue, Feb 5, 2013 at 2:36 PM, Mikko Ohtamaa <
> mikko+plone at redinnovation.com> wrote:
>
>> ...
>>
>> Questions I have immediately in my mind include:
>>
>> Does 4.3 installer mean Ineed two UNIX user accounts (one for buildouting,
>> one for launching the daemon)
>>
>
> By default yes. It also sets up a group that contains both users.
>
>
>>
>> How one is suppose to update src/ files on run buildout? As a sudo and
>> root?
>>
>
> With a command like:
>
> sudo -u plone_buildout bin/buildout
>
> The buildout also has a component that precompiles .py and .po files so
> that the daemon user doesn't have to do this. The common group is used so
> that the daemon and buildout users can both write to ./var.
>
>
>>
>> Do you still need to launch the site as a root and you cannot do
>> bin/instance restart as a normal user?
>>
>
> It would typically be:
>
> sudo -u plone_daemon bin/instance ...
>
> or by having supervisor set up to run it as plone_daemon.
>
> The security gain from all this extra work is to prevent the daemon user
> processes from being able writing into anything other than var. In
> particular, prevent them from writing into code and configuration
> directories.
>
>
>>
>>
> _______________________________________________
> Setup mailing list
> Setup at lists.plone.org
> https://lists.plone.org/mailman/listinfo/plone-setup
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.plone.org/pipermail/plone-setup/attachments/20130206/58063cfc/attachment.html>


More information about the Setup mailing list