Re: [Zope-dev] root ZServer
On Wed, Jan 19, 2005 at 05:04:53PM +1100, Alan Milligan wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andreas Jung wrote: | There is zero need to relax this requirement. You only have to start | Zope as root I just explained you cannot start as root ... | to get port 80 but it is in general not a good idea for *any* service to | run | as root for security reasons. So there is absolutely no reason to *not* | changing | the the uid of the process to a user with less permissions. Says you!! I happen to be using zope to wrap a number of excellent Python rpm packaging scripts/modules (eg yum, mach), and as part of this process, need to do rpm package installs from the zope server which obviously requires root access. You can solve this problem by using sudo. Make an external method that executes sudo with the commands you want (you have to use the NOPASSWD option to prevent sudo for asking for a password). This gives you both, zope running as a non privileged user and your rpm commands running as root. regards Stefan I see no reason why I should be penalised for using the excellent workflow features of Zope in a system programming environment. If Zope is to be useful to the widest cross community, we really MUST stop this 'we know best' attitude and allow people at the coalface to override default behaviour as only they are in a position to evaluate the appropriateness of the 'security reasons'. How about a 'yes' response this time. Alan -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFB7fiFCfroLk4EZpkRAoDZAJ40UveUjpBGyN0/1VnUmZUQz0GctgCfa+R1 tvE2RP5DNwa2IlEmMmX2l0g= =JNQg -END PGP SIGNATURE- ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope ) ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] root ZServer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 S.Aeschbacher wrote: | You can solve this problem by using sudo. Make an external method that | executes sudo with the commands you want (you have to use the NOPASSWD | option to prevent sudo for asking for a password). This gives you both, | zope running as a non privileged user and your rpm commands running as root. | check out mach ( http://thomas.apestaart.org/projects/mach/) ... -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFB7iHhCfroLk4EZpkRAmL4AJ9J7DnBTJ6YlbkWvR5k6vrrYIUrSgCgpb5F qHJp0lOn1dyB04fWLSaHwv0= =Ifk0 -END PGP SIGNATURE- ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] root ZServer
On Tuesday 18 January 2005 9:18 pm, Alan Milligan wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I have a requirement to run a root uid Z2 process and was most surprised to see that line 334 of Zope/Startup/__init__.py expressly forbids this, throwing a ZConfig.ConfigurationError While it's not a good idea to configure Zope to run as root by default, isn't it completely fascist to disallow it altogether? Similarly, I'd now expect issues if I chose to attach a Z2 to a low port. As far as I'm concerned, the account policy (and port too) is clearly defined by directives in zope.conf and should be honoured - clearly someone's consciously made these configuration changes and is thus fully accepting of their potential consequences. How about relaxing this requirement? Alan Why would you need to run zope as root? You can start it as root so it can bind to a low numbered port and then it will switch to a less privelaged user for its normal operations. I can't think of a good reason right now for why a network service should be run as the root user. ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] root ZServer
--On Mittwoch, 19. Januar 2005 15:18 Uhr +1100 Alan Milligan [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I have a requirement to run a root uid Z2 process and was most surprised to see that line 334 of Zope/Startup/__init__.py expressly forbids this, throwing a ZConfig.ConfigurationError While it's not a good idea to configure Zope to run as root by default, isn't it completely fascist to disallow it altogether? Similarly, I'd now expect issues if I chose to attach a Z2 to a low port. As far as I'm concerned, the account policy (and port too) is clearly defined by directives in zope.conf and should be honoured - clearly someone's consciously made these configuration changes and is thus fully accepting of their potential consequences. How about relaxing this requirement? There is zero need to relax this requirement. You only have to start Zope as root to get port 80 but it is in general not a good idea for *any* service to run as root for security reasons. So there is absolutely no reason to *not* changing the the uid of the process to a user with less permissions. -aj ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] root ZServer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andreas Jung wrote: | There is zero need to relax this requirement. You only have to start | Zope as root I just explained you cannot start as root ... | to get port 80 but it is in general not a good idea for *any* service to | run | as root for security reasons. So there is absolutely no reason to *not* | changing | the the uid of the process to a user with less permissions. Says you!! I happen to be using zope to wrap a number of excellent Python rpm packaging scripts/modules (eg yum, mach), and as part of this process, need to do rpm package installs from the zope server which obviously requires root access. I see no reason why I should be penalised for using the excellent workflow features of Zope in a system programming environment. If Zope is to be useful to the widest cross community, we really MUST stop this 'we know best' attitude and allow people at the coalface to override default behaviour as only they are in a position to evaluate the appropriateness of the 'security reasons'. How about a 'yes' response this time. Alan -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFB7fiFCfroLk4EZpkRAoDZAJ40UveUjpBGyN0/1VnUmZUQz0GctgCfa+R1 tvE2RP5DNwa2IlEmMmX2l0g= =JNQg -END PGP SIGNATURE- ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] root ZServer
--On Mittwoch, 19. Januar 2005 17:04 Uhr +1100 Alan Milligan [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andreas Jung wrote: | There is zero need to relax this requirement. You only have to start | Zope as root I just explained you cannot start as root ... And I explained that Zope wants to the change the UID to a non-root account for security reasons. | to get port 80 but it is in general not a good idea for *any* service to | run | as root for security reasons. So there is absolutely no reason to *not* | changing | the the uid of the process to a user with less permissions. Says you!! I happen to be using zope to wrap a number of excellent Python rpm packaging scripts/modules (eg yum, mach), and as part of this process, need to do rpm package installs from the zope server which obviously requires root access. I see no reason why I should be penalised for using the excellent workflow features of Zope in a system programming environment. If Zope is to be useful to the widest cross community, we really MUST stop this 'we know best' attitude and allow people at the coalface to override default behaviour as only they are in a position to evaluate the appropriateness of the 'security reasons'. To be honest: if you need another behaviour than the one implemented then fix it on your own and maybe put a patch into the Zope collector. So if someone has the same problem it can grab the patch. At least your usecase does not seem to be common so I don't think we should add such a dangerous feature (although if disabled by default) with Zope. There are also other applications e.g. postgres that refuse to run as root. If you need to perform root-level operations from within a non-rooted Zope there are enough solutions available to give the application limited root right (sudo etcsearch on freshmeat). I consider your request as a YAGNI. -aj ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
