Override sanity check when running Plone buildout?

StackOverflow https://stackoverflow.com/questions/21761403

  •  11-10-2022
  •  | 
  •  

Question

I'm running Ubuntu 12.04 LTS with an apache server for my Jira/Confluence application. Now I need to additionally install an instance of Plone (production). But port 8080 is already taken by Jira and until now I couldn't find working instructions to change this.

I followed these instructions to install plone: http://developer.plone.org/getstarted/ubuntu_production.html Do I have to take care of the port during these instructions?

I have found this site (2.5. Creating New Instances): http://plone.org/documentation/manual/installing-plone/referencemanual-all-pages where it says you have to change some settings in buildout.cfg. But even as sudoer I can't run these instructions. I get this:

buildout.sanitycheck: 
***********************************************************
Buildout should not be run while superuser. Doing so allows
untrusted code to be run as root.
Instead, you probably wish to do something like:
    sudu -u plone_buildout bin/buildout

If you have a good reason to bypass this restriction,
remove the buildout.sanitycheck extension from your buildout.
***********************************************************

While:
Installing.
Loading extensions.
Error: User attempt to give system ownership to Internet

*************** PICKED VERSIONS ****************

[versions]

*************** /PICKED VERSIONS ***************

But how can I remove the sanity check? I can't find it in this file.

Was it helpful?

Solution

We've got multiple issues here.

Changing Ports

To change the port Plone attaches to, edit buildout.cfg and look for the lines:

[instance]
<= instance_base
recipe = plone.recipe.zope2instance
http-address = 8080

Change '8080' to the desired port. If this is a ZEO configuration, look for 'client#' parts instead and change their port numbers. Choose ports > 1024. After editing, run buildout.

Running Buildout

If you used sudo to run the Unified Installer, that caused it to create plone_buildout and plone_daemon system users. The "plone_buildout" user is meant to be used to run buildout, and owns the code files. The "plone_daemon" user is meant to be used to run the long-lived processes that connect to the Internet, and it owns the data.

This scheme is carefully contrived so that you do not have to run buildout as root, and so that the long-lived daemon processes will have (close to) minimum privileges. Under this scheme, you run buildout as the plone_buildout user, generally with the command:

sudo -u plone_buildout bin/buildout

The command "sudo -u username" causes the rest of the command line to be executed under the effective ownership of the specified user.

It is generally a very, very bad idea to run buildout as root. That's why the sanity check exists. Running buildout as root means that you are giving control of your system to the author of every setup.py file in every module downloaded by buildout. Don't do it.

A note on a common misconception: The Unified Installer, when run as root, via sudo, does not run buildout as root (at least not in any recent version). It uses root privileges to create a plone_buildout user, then runs buildout as that user.

OTHER TIPS

Just remove buildout.sanitycheck of base.cfg.

As the docs also instruct to sudo after a root-install, the warning makes only sense in a non-root-install.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top