[Zope] what user and group to use for zope install
Pavlos Christoforou
pavlos@gaaros.msrc.sunysb.edu
Wed, 27 Oct 1999 15:23:47 -0400 (EDT)
On Wed, 27 Oct 1999, Geoff Nordli wrote:
> Should I create a user, and group for zope install?
>
> Where should I put the installation? "/usr/local/zope"
/usr/local/zope is fine. And yes you could create a new user/group just
for Zope.
>
> Should the user/group own Zope's entire directory
> structure.
yes, even though is not required, it certainly makes things easier.
The exception is if you run Zope as root. in that case ZServer changes the
process id to nobody for security reasons. Therefore your var directory
and *all* the subdirectories/files should be owned by nobody including
write permissions for nobody.
> In the documentation it says that the user that
> starts Zope must own the var directory. How do
> you know what user is being used to start Zope,
> and how do you control it. I did the compile using
> "root".
Zope will run as the user who started the process, ie the login user,
unless that is root, in which case it will change to nobody.
> What kind of security implication is having root
> own the zope directory.
I do not know of any security problems having root own the zope dir, as
long as the process is running as nobody.
>
> If I want to add additional components to zope
> like mysql, apache, and whatever--does this
> affect the user that zope runs under?
I suppose most of the services you mention have their own ideas about
authentication, so you will need to explicitly deal with them anyway.
Regards
Pavlos