Bug 442376 - init script won't start zope on port 80 as user zope
init script won't start zope on port 80 as user zope
Status: CLOSED INSUFFICIENT_DATA
Product: Fedora EPEL
Classification: Fedora
Component: zope (Show other bugs)
el5
noarch Linux
low Severity low
: ---
: ---
Assigned To: Jonathan Steffan
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-04-14 12:11 EDT by Ian Young
Modified: 2008-08-11 15:08 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-08-11 15:08:17 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Ian Young 2008-04-14 12:11:58 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13

Description of problem:
the command in the script:

  output=`$zopectl -u $user start 2>/dev/null`

won't work if the zope.conf has

  address 80

however, if the script is changed such that the user arg is after 'start', as so:

  output=`$zopectl start -u $user 2>/dev/null`

Zope starts correctly


Version-Release number of selected component (if applicable):
zope-2.10.5-2

How reproducible:
Always


Steps to Reproduce:
1. change the 'address' in /var/lib/zope/etc/zope.conf from 8080 to 80
2. run /etc/init.d/zope start 
3. check listening ports with netstat -tlp


Actual Results:
python wasn't listening on port 80

Expected Results:
python should've been listening on port 80:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 *:http                      *:*                         LISTEN      3569/python


Additional info:
Comment 1 Jonathan Steffan 2008-04-14 14:20:29 EDT
This is more then likely due to SELinux. Please let me know if you have selinux
enforcing... the zope initscipt doesn't have access to bind on port 80.
Comment 2 Ian Young 2008-04-14 14:33:34 EDT
SELinux is disabled (getenforce returns 'Disabled'). In addition, it actually
DOES start on port 80 after changing the command to 

$zopectl start -u $user [etc...]

Comment 3 Ian Young 2008-04-14 14:38:03 EDT
And I can only assume that the user is set correctly, based on the ps uax results:

root      3701  0.0  0.3  11140  3748 ?        Ss   13:55   0:00 /usr/bin/python
/usr/lib/zope/lib/python/zdaemon/zdrun.py -S
/usr/lib/zope/lib/python/Zope2/Startup/zopeschema.xml -b 10 -d -s
/var/lib/zope/var/zopectlsock -x 0,2 -z /var/lib/zope /var/lib/zope/bin/runzope
zope      3702  1.7 10.8 161596 111988 ?       Sl   13:55   0:44 /usr/bin/python
/usr/lib/zope/lib/python/Zope2/Startup/run.py -C /var/lib/zope/etc/zope.conf
Comment 4 Jonathan Steffan 2008-04-14 14:41:47 EDT
Ah, odd. Thanks for the report. I've added this to my TODO.
Comment 5 Ian Young 2008-04-14 14:46:33 EDT
Having tested it further, it seems that the default behavior of "zopectl start"
is what I'm seeing: zdaemon starts as root, zope's run.py runs as zope. 

I had assumed that, started as root, it would work with `zopectl -u zope start`,
but I may be wrong.
Comment 6 Jonathan Steffan 2008-05-29 21:23:31 EDT
Ah, after re-reading #3 both users should be 'zope':

zope     16592  0.0  0.2 138096  5468 ?        Ss   21:13   0:00 /usr/bin/python
/usr/lib64/zope/lib/python/zdaemon/zdrun.py -S
/usr/lib64/zope/lib/python/Zope2/Startup/zopeschema.xml -b 10 -d -s
/var/lib/zope/var/zopectlsock -u zope -x 0,2 -z /var/lib/zope
/var/lib/zope/bin/runzope
zope     16593 56.6  4.2 329384 87568 ?        D    21:13   0:10 /usr/bin/python
/usr/lib64/zope/lib/python/Zope2/Startup/run.py -C /var/lib/zope/etc/zope.conf

I missed solving this bug before pushing out 2.10.6, sorry about that. I've been
told, albeit a while ago, that zopectl -u is broken and I should be doing a
'sudo -u zope zopectl start' which just doesn't seem right. I'll need to consult
Fedora/EPEL policy regarding the use of sudo in init scripts. I also am not sure
if using 'sudo -u' will result in being able to bind to a port < 1024.

Please try 'sudo -u zope zopectl fg' with your configuration. If it is able to
bind to port 80 and both processes are running as zope, please let me know. Thanks.

Note You need to log in before you can comment on or make changes to this bug.