Log message for revision 96829:
SETUID reSTified

Changed:
U Zope/trunk/doc/SETUID.txt
U Zope/trunk/doc/index.txt
-=- Modified: Zope/trunk/doc/SETUID.txt =================================================================== --- Zope/trunk/doc/SETUID.txt 2009-02-20 15:29:53 UTC (rev 96828) +++ Zope/trunk/doc/SETUID.txt 2009-02-20 15:32:40 UTC (rev 96829) 
@@ -1,29 +1,30 @@ Zope effective user support +=========================== - Zope can bind its network service to low ports such as 21 (FTP) and - 80 (HTTP). In order to bind to low ports, Zope must be started as - the root user. However, Zope will only run as root long enough to - bind to these low ports. It will then attempt to setuid to a less - privileged user. +Zope can bind its network service to low ports such as 21 (FTP) and +80 (HTTP). In order to bind to low ports, Zope must be started as +the root user. However, Zope will only run as root long enough to +bind to these low ports. It will then attempt to setuid to a less +privileged user. - You must specify the user to which Zope will attempt to setuid by - changing the 'effective-user' parameter in the zope.conf - configuration file to an existing username or UID. All runtime - files will be written as this user. If you do not specify an - 'effective-user' in the configuration file, and you attempt to start - Zope, it will refuse to start. +You must specify the user to which Zope will attempt to setuid by +changing the 'effective-user' parameter in the zope.conf +configuration file to an existing username or UID. All runtime +files will be written as this user. If you do not specify an +'effective-user' in the configuration file, and you attempt to start +Zope, it will refuse to start. - Zope additionally emits a warning if you specify 'nobody' as the - 'effective-user'. The rationale for this warning stems from the - fact that, historically, many other UNIX services dropped privileges - to the 'nobody' account after starting as root. Any security - defects in these services could cause someone to gain access as the - 'nobody' account on your system. If someone was to gain control of - your 'nobody' account they could compromise your Zope files. +Zope additionally emits a warning if you specify 'nobody' as the +'effective-user'. 
The rationale for this warning stems from the +fact that, historically, many other UNIX services dropped privileges +to the 'nobody' account after starting as root. Any security +defects in these services could cause someone to gain access as the +'nobody' account on your system. If someone was to gain control of +your 'nobody' account they could compromise your Zope files. - The most important thing to remember about effective user support is - that you don't have to start Zope as root unless you want to listen - for requests on low ports (ports beneath 1024). In fact, if you - don't have this need, you are much better off just starting Zope - under a dedicated user account. +The most important thing to remember about effective user support is +that you don't have to start Zope as root unless you want to listen +for requests on low ports (ports beneath 1024). In fact, if you +don't have this need, you are much better off just starting Zope +under a dedicated user account. Modified: Zope/trunk/doc/index.txt =================================================================== --- Zope/trunk/doc/index.txt 2009-02-20 15:29:53 UTC (rev 96828) +++ Zope/trunk/doc/index.txt 2009-02-20 15:32:40 UTC (rev 96829) @@ -13,6 +13,7 @@ CHANGES.txt INSTALL.txt ZOPE3.txt + SETUID.txt Indices and tables ==================
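Review bot: In the SETUID.txt hunk, the option name 'effective-user' and the account name 'nobody' keep their plain single quotes after the conversion, and zope.conf has no markup at all, so reST renders all three as ordinary text. Mark them as inline literals (for example ``effective-user``) so they read as values to type. The first paragraph also says Zope "will then attempt to setuid to a less privileged user" without saying what happens when that attempt fails. The text is otherwise only re-indented here, so a follow-up that documents the failure behaviour would make the privilege-drop guarantee explicit. Minor: "If someone was to gain control" should read "were to".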