Red Hat Bugzilla – Bug 442376
init script won't start zope on port 80 as user zope
Last modified: 2008-08-11 15:08:17 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:184.108.40.206) Gecko/20080311 Firefox/220.127.116.11
Description of problem:
the command in the script:
output=`$zopectl -u $user start 2>/dev/null`
won't work if the zope.conf has
however, if the script is changed such that the user arg is after 'start', as so:
output=`$zopectl start -u $user 2>/dev/null`
Zope starts correctly
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. change the 'address' in /var/lib/zope/etc/zope.conf from 8080 to 80
2. run /etc/init.d/zope start
3. check listening ports with netstat -tlp
python wasn't listening on port 80
python should've been listening on port 80:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:http *:* LISTEN 3569/python
This is more then likely due to SELinux. Please let me know if you have selinux
enforcing... the zope initscipt doesn't have access to bind on port 80.
SELinux is disabled (getenforce returns 'Disabled'). In addition, it actually
DOES start on port 80 after changing the command to
$zopectl start -u $user [etc...]
And I can only assume that the user is set correctly, based on the ps uax results:
root 3701 0.0 0.3 11140 3748 ? Ss 13:55 0:00 /usr/bin/python
/usr/lib/zope/lib/python/Zope2/Startup/zopeschema.xml -b 10 -d -s
/var/lib/zope/var/zopectlsock -x 0,2 -z /var/lib/zope /var/lib/zope/bin/runzope
zope 3702 1.7 10.8 161596 111988 ? Sl 13:55 0:44 /usr/bin/python
/usr/lib/zope/lib/python/Zope2/Startup/run.py -C /var/lib/zope/etc/zope.conf
Ah, odd. Thanks for the report. I've added this to my TODO.
Having tested it further, it seems that the default behavior of "zopectl start"
is what I'm seeing: zdaemon starts as root, zope's run.py runs as zope.
I had assumed that, started as root, it would work with `zopectl -u zope start`,
but I may be wrong.
Ah, after re-reading #3 both users should be 'zope':
zope 16592 0.0 0.2 138096 5468 ? Ss 21:13 0:00 /usr/bin/python
/usr/lib64/zope/lib/python/Zope2/Startup/zopeschema.xml -b 10 -d -s
/var/lib/zope/var/zopectlsock -u zope -x 0,2 -z /var/lib/zope
zope 16593 56.6 4.2 329384 87568 ? D 21:13 0:10 /usr/bin/python
/usr/lib64/zope/lib/python/Zope2/Startup/run.py -C /var/lib/zope/etc/zope.conf
I missed solving this bug before pushing out 2.10.6, sorry about that. I've been
told, albeit a while ago, that zopectl -u is broken and I should be doing a
'sudo -u zope zopectl start' which just doesn't seem right. I'll need to consult
Fedora/EPEL policy regarding the use of sudo in init scripts. I also am not sure
if using 'sudo -u' will result in being able to bind to a port < 1024.
Please try 'sudo -u zope zopectl fg' with your configuration. If it is able to
bind to port 80 and both processes are running as zope, please let me know. Thanks.