Zope on Port 80
Peter Hansen
peter at engcorp.com
Tue Jan 14 17:39:03 EST 2003
Peter Hansen wrote:
>
> Elias Ponvert wrote:
> >
> > Apologies if this is a FAQ, I've not seen it anywhere.
> >
> > Is there any reason _not_ to run Zope on port 80 of, say,
> > mymachine.foo.com? Assume that I'm OK with mymachine only running
> > Zope. Are there other reasons? Security? Caching?
>
> A process has to be root, at least initially, to bind to port 80 (or
> any port below 1024) under Linux. That in itself might pose security
> risks for you.
I should note that the way in which Zope switches from root to,
say, nobody, if you've configured it that way, appears to involve
a race condition which can, under the right circumstances, break
the setuid switching that happens.
We have a product which starts up some new tasks. Zope actually
imports and registers each product *before* it switches from being
"root", and in at least one instance which we've currently had to
work around, starting up our own task meant that none of the
threads switched to be "nobody".
By the way, there are Zope mailing lists which are probably a
better place to ask such questions. Check on the www.zope.org
site for details.
-Peter
More information about the Python-list
mailing list