Zope effective user support


It is best practice to run Zope behind a reverse proxy like Apache, Squid or Varnish. In this case, you do not need to run or install Zope with root privileges, since the reverse proxy will bind to port 80 and proxy back all request to Zope running on an unprivileged port.

Zope can bind its network service to low ports such as 21 (FTP) and 80 (HTTP). In order to bind to low ports, Zope must be started as the root user. However, Zope will only run as root long enough to bind to these low ports. It will then attempt to setuid to a less privileged user.

You must specify the user to which Zope will attempt to setuid by changing the ‘effective-user’ parameter in the zope.conf configuration file to an existing username or UID. All runtime files will be written as this user. If you do not specify an ‘effective-user’ in the configuration file, and you attempt to start Zope, it will refuse to start.

Zope additionally emits a warning if you specify ‘nobody’ as the ‘effective-user’. The rationale for this warning stems from the fact that, historically, many other UNIX services dropped privileges to the ‘nobody’ account after starting as root. Any security defects in these services could cause someone to gain access as the ‘nobody’ account on your system. If someone was to gain control of your ‘nobody’ account they could compromise your Zope files.

The most important thing to remember about effective user support is that you don’t have to start Zope as root unless you want to listen for requests on low ports (ports beneath 1024). In fact, if you don’t have this need, you are much better off just starting Zope under a dedicated user account.