--On Mittwoch, 19. Januar 2005 17:04 Uhr +1100 Alan Milligan <[EMAIL PROTECTED]> wrote:

Hash: SHA1

Andreas Jung wrote:

| There is zero need to relax this requirement. You only have to start
| Zope as root
I just explained you cannot start as root ...

And I explained that Zope wants to the change the UID to a non-root account for security reasons.

| to get port 80 but it is in general not a good idea for *any* service to | run | as root for security reasons. So there is absolutely no reason to *not* | changing | the the uid of the process to a user with less permissions. Says you!!

I happen to be using zope to wrap a number of excellent Python rpm
packaging scripts/modules (eg yum, mach), and as part of this process,
need to do rpm package installs from the zope server which obviously
requires root access.

I see no reason why I should be penalised for using the excellent
workflow features of Zope in a system programming environment.

If Zope is to be useful to the widest cross community, we really MUST
stop this 'we know best' attitude and allow people at the coalface to
override default behaviour as only they are in a position to evaluate
the appropriateness of the 'security reasons'.

To be honest: if you need another behaviour than the one implemented then fix it on your own and maybe
put a patch into the Zope collector. So if someone has the same problem it can grab the patch. At least your usecase
does not seem to be common so I don't think we should add such a dangerous feature (although if disabled by default)
with Zope. There are also other applications e.g. postgres that refuse to run as root. If you need to perform
root-level operations from within a non-rooted Zope there are enough solutions available to give
the application limited root right (sudo etc....search on freshmeat). I consider your request as a YAGNI.


Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

Reply via email to