Bug 442376 - init script won't start zope on port 80 as user zope
Summary: init script won't start zope on port 80 as user zope
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: zope   
(Show other bugs)
Version: el5
Hardware: noarch Linux
Target Milestone: ---
Assignee: Jonathan Steffan
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2008-04-14 16:11 UTC by Ian Young
Modified: 2008-08-11 19:08 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-08-11 19:08:17 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Ian Young 2008-04-14 16:11:58 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20080311 Firefox/

Description of problem:
the command in the script:

  output=`$zopectl -u $user start 2>/dev/null`

won't work if the zope.conf has

  address 80

however, if the script is changed such that the user arg is after 'start', as so:

  output=`$zopectl start -u $user 2>/dev/null`

Zope starts correctly

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. change the 'address' in /var/lib/zope/etc/zope.conf from 8080 to 80
2. run /etc/init.d/zope start 
3. check listening ports with netstat -tlp

Actual Results:
python wasn't listening on port 80

Expected Results:
python should've been listening on port 80:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 *:http                      *:*                         LISTEN      3569/python

Additional info:

Comment 1 Jonathan Steffan 2008-04-14 18:20:29 UTC
This is more then likely due to SELinux. Please let me know if you have selinux
enforcing... the zope initscipt doesn't have access to bind on port 80.

Comment 2 Ian Young 2008-04-14 18:33:34 UTC
SELinux is disabled (getenforce returns 'Disabled'). In addition, it actually
DOES start on port 80 after changing the command to 

$zopectl start -u $user [etc...]

Comment 3 Ian Young 2008-04-14 18:38:03 UTC
And I can only assume that the user is set correctly, based on the ps uax results:

root      3701  0.0  0.3  11140  3748 ?        Ss   13:55   0:00 /usr/bin/python
/usr/lib/zope/lib/python/zdaemon/zdrun.py -S
/usr/lib/zope/lib/python/Zope2/Startup/zopeschema.xml -b 10 -d -s
/var/lib/zope/var/zopectlsock -x 0,2 -z /var/lib/zope /var/lib/zope/bin/runzope
zope      3702  1.7 10.8 161596 111988 ?       Sl   13:55   0:44 /usr/bin/python
/usr/lib/zope/lib/python/Zope2/Startup/run.py -C /var/lib/zope/etc/zope.conf

Comment 4 Jonathan Steffan 2008-04-14 18:41:47 UTC
Ah, odd. Thanks for the report. I've added this to my TODO.

Comment 5 Ian Young 2008-04-14 18:46:33 UTC
Having tested it further, it seems that the default behavior of "zopectl start"
is what I'm seeing: zdaemon starts as root, zope's run.py runs as zope. 

I had assumed that, started as root, it would work with `zopectl -u zope start`,
but I may be wrong.

Comment 6 Jonathan Steffan 2008-05-30 01:23:31 UTC
Ah, after re-reading #3 both users should be 'zope':

zope     16592  0.0  0.2 138096  5468 ?        Ss   21:13   0:00 /usr/bin/python
/usr/lib64/zope/lib/python/zdaemon/zdrun.py -S
/usr/lib64/zope/lib/python/Zope2/Startup/zopeschema.xml -b 10 -d -s
/var/lib/zope/var/zopectlsock -u zope -x 0,2 -z /var/lib/zope
zope     16593 56.6  4.2 329384 87568 ?        D    21:13   0:10 /usr/bin/python
/usr/lib64/zope/lib/python/Zope2/Startup/run.py -C /var/lib/zope/etc/zope.conf

I missed solving this bug before pushing out 2.10.6, sorry about that. I've been
told, albeit a while ago, that zopectl -u is broken and I should be doing a
'sudo -u zope zopectl start' which just doesn't seem right. I'll need to consult
Fedora/EPEL policy regarding the use of sudo in init scripts. I also am not sure
if using 'sudo -u' will result in being able to bind to a port < 1024.

Please try 'sudo -u zope zopectl fg' with your configuration. If it is able to
bind to port 80 and both processes are running as zope, please let me know. Thanks.

Note You need to log in before you can comment on or make changes to this bug.