Zope on Port 80

Peter Hansen peter at engcorp.com
Tue Jan 14 23:39:03 CET 2003


Peter Hansen wrote:
> 
> Elias Ponvert wrote:
> >
> > Apologies if this is a FAQ, I've not seen it anywhere.
> >
> > Is there any reason _not_ to run Zope on port 80 of, say,
> > mymachine.foo.com? Assume that I'm OK with mymachine only running
> > Zope. Are there other reasons? Security? Caching?
> 
> A process has to be root, at least initially, to bind to port 80 (or
> any port below 1024) under Linux.  That in itself might pose security
> risks for you.

I should note that the way in which Zope switches from root to,
say, nobody, if you've configured it that way, appears to involve
a race condition which can, under the right circumstances, break
the setuid switching that happens.

We have a product which starts up some new tasks.  Zope actually
imports and registers each product *before* it switches from being
"root", and in at least one instance which we've currently had to
work around, starting up our own task meant that none of the
threads switched to be "nobody".  

By the way, there are Zope mailing lists which are probably a 
better place to ask such questions.  Check on the www.zope.org
site for details.

-Peter
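
The ordering problem described above, as an added example that is not part of the original post and is not Zope's own code: a privilege drop that refuses to run once extra threads exist, then confirms from Linux's /proc/self/task that every thread reports the expected effective UID. The function names `thread_euids` and `drop_privileges` and the /proc-based check are assumptions of this example.

```python
import os
import threading

TASK_DIR = "/proc/self/task"  # Linux only: one subdirectory per thread


def thread_euids():
    """Map each thread ID of this process to its effective UID."""
    if not os.path.isdir(TASK_DIR):
        # No per-thread view on this platform; report the process-wide value.
        return {os.getpid(): os.geteuid()}
    euids = {}
    for tid in os.listdir(TASK_DIR):
        try:
            with open(f"{TASK_DIR}/{tid}/status") as fh:
                for line in fh:
                    if line.startswith("Uid:"):
                        # Fields: real, effective, saved, filesystem
                        euids[int(tid)] = int(line.split()[2])
                        break
        except FileNotFoundError:
            continue  # thread exited while we were scanning
    return euids


def drop_privileges(uid, gid):
    """Drop from root to uid/gid; refuse if other threads already exist."""
    if threading.active_count() > 1 or len(thread_euids()) > 1:
        raise RuntimeError("threads already running; drop privileges first")
    if os.geteuid() == 0 and uid != 0:
        os.setgroups([])  # clear root's supplementary groups
        os.setgid(gid)    # group first: not possible once the UID is dropped
        os.setuid(uid)
    # Verify instead of assuming: every thread must now run as the target UID.
    after = thread_euids()
    stale = {t: e for t, e in after.items() if e != uid}
    if stale or os.geteuid() != uid:
        raise RuntimeError(f"privilege drop incomplete: {stale}")
    return after


if __name__ == "__main__":
    # Intended order in a server: bind the low port, call drop_privileges(),
    # and only then import plugins or start worker threads.
    print(thread_euids())
```

Running `thread_euids()` periodically in a long-lived service also works as a detection check: any thread still reporting UID 0 after startup indicates the drop did not reach it.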



