Date: Mon, 19 Jun 2000 12:22:05 +0200 To: SuSE Linux Mailing List suse-linux-e <suse-linux-e@suse.com> From: Eric Maryniak <e.maryniak@pobox.com> Subject: [SLE] Step-by-step installation of Zope (2.1.7) on SuSE Linux 6.3 Dear list, (Bcc-ed, so e-mail addresses don't appear on the html pages of web-searchable mailing list, to: Jeff Rush, Piotr Kozbial, Amos Latteier, Jules Allen, and some friends and collegues) Please find below a detailed step-by-step description of the procedure that I used to install Zope 2.1.7 under SuSE Linux 6.3 and 6.4. Included are: o Setup with existing web server (ic. Apache) in /opt/zope o Apache rewrite rules for any static content and virtual hosts o Start/Kill rc script according to SuSE Linux standards Should you decide to use it somehow (of course at your own risk ;-), I'd welcome any thoughts, comments and bug fixes you might have. I have tried to do my best at testing the various pieces of software and config setup's, and studied all docu to the best of my knowledge, but real Zope and SuSE Linux experts should have a final say on this. * Background/rationale. Some time ago I asked if anybody got Zope running on SuSE Linux and what setup was chosen and why (ZServer or Apache, and if Apache, FastCGI, PCGI, Proxy, ...). I received very helpful e-mail from Piotr and from Jeff, whose Red Hat rpm's and notes on: http://starship.python.net/crew/jrush/Zope/Zope216.html are also very informative. Furthermore, I studied the various howto's and other docu about SuSE on the Zope site, http://www.zope.org/ With all this info, however, I wasn't really satisfied, because: a) I didn't like the setup in many cases from a security point of view (I'm not a security expert, but I do know, it's generally not a good idea to run a service as root). b) Jeff's RPM's proved to be too Red Hat specific and failed to install properly on SuSE Linux 6.3 and 6.4 (in my case anyway), v2.1.6 gave: an 'rpm -i Zope-2.1.6-1.i386.rpm Zope-pcgi-2.1.6-1.i386.rpm' outputs: error: failed dependencies: python-devel is needed by Zope-2.1.6-1 /sbin/chkconfig is needed by Zope-2.1.6-1 Note that SuSE does not have a separate 'python-devel' package and that /sbin/chkconfig does not exist in SuSE, it is Red Hat specific... Imho it's Linux distro idiosyncracies like this that may be a serious problem to desktop end user acceptance of Linux. You can force an install with 'rpm -i --nodeps', but, eh, my 32 Mb SuSE Linux 6.4 system at home gave: execution of script failed Segmentation fault Anyways, Zope was extracted, which allowed me to study Jeff's setup. It's unfortunate that Jeff's rpm's did not work on SuSE because he has done a remarkable job (including a lot of Zope bug fixes!). c) The Zope howto's, and there are several, are sometimes a little outdated, incomplete or conflicting. So, I realized that the lazy rpm days were over and decided to dive into it --- deeply as it turned out ;-) First I decided on the setup to use, because: a) we already have a lot of "static" html pages, which are to be gradually zope-ed, but not right away b) thus, zope should not become / (and the static pages /static) right away, because a lot of people have bookmarked the old url's (solved by using Zope on an internal virtual host, migrating pages, and making the internal zope host the external) c) on some pages we want to use ssl (which works fine with apache but not with Zope ZServer). d) and have apache as primary server, so the logging (visitor statistics) can be kept unified. It would seem, judging from Guy Davis' (recent) notes: http://www.zope.org/Members/guy_davis/install_routes/ that Apache+Zope via PCGI was the best way (at least for the relative novice): "... My Solution - After a couple of days and with much help, I was able to get Zope working with Apache through PCGI. All the other methods had drawbacks or didn't work for me, so I'd have to recommend PCGI for Apache users. ...". So please find my... =========================================================================== Installation of Zope (2.1.7) on SuSE Linux 6.3 and 6.4, step-by-step Eric Maryniak <e.maryniak@pobox.com>, 2000-06-16. Home page: http://pobox.com/~e.maryniak/ This is a detailed step-by-step description of the procedure that I used to install Zope 2.1.7 under SuSE Linux 6.3 and 6.4. Included are: o Setup with existing web server (ic. Apache) in /opt/zope o Apache rewrite rules for any static content and virtual hosts o Start/Kill rc script according to SuSE Linux standards To install Zope 2.1.7 (dated 2000-06-15) on SuSE Linux 6.3 or 6.4 with the existing Apache web server (httpd) using Persistent CGI (PCGI), log in as root or become root ('su - root') and follow the steps below. I have tried to setup Zope with security in mind, but since this is not my field of expertise I welcome feedback there! Notes: - The 'bash' shell is assumed. - The Unix shell prompt for root is '# ' and '$ ' for normal users. - I use here-documents (those 'cat << ...' thingies) frequently in the copy & pastable Unix commands below. You may want to familiarize yourself with this rather neat (ba)sh feature first ('man bash' ;-) Important last note: - Shortly after I downloaded Zope 2.1.7, which was basically 2.1.6 with security fixes, the Zope maintainers pulled version 2.1.7 in favor of a so-called "hot fix" product, please see: http://www.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert/ so please read "2.1.6" in the rest of this document for "2.1.7" and apply this hot fix after you have concluded all the steps below. Step 1/8. Verify python 1.5.2 is installed ========================================== First verify that your are running Python version 1.5.2: # rpm -q python You should get something like 'python-1.5.2-97'. Alternatively, simply run Python ('python'). Somewhere in the welcome blurp, the version number is hidden :-) Note that, unlike Red Hat, there is no 'python-devel' SuSE package. Step 2/8. Extract the Zope source ================================= Important: see the "Important last note" above about the version 2.1.6 and 2.1.7 issue. Download the Zope 2.1.7 source from: http://www.zope.org/Products/Zope/2.1.7/ and store it in directory: /usr/src/packages/SOURCES/ This document describes the installation and configuration of Zope version 2.1.7 (dated 2000-06-15), but it may also work for newer (and perhaps older) versions. Be sure to download the _source_ tarball (Zope-x.y.z-src.tgz), not a binary distribution for some specific operating system. Extract the Zope 2.1.7 source (a gnuzipped tarball) and rename the Zope directory to /opt/zope: # cd /opt # tar zxvf /usr/src/packages/SOURCES/Zope-2.1.7-src.tgz # mv Zope-2.1.7-src /opt/zope Note that '/opt/zope' is also the directory to unpack any additional Zope products (zproducts) in, that you might be installing later. Enter the Zope directory and perhaps have a look at the Zope documentation. You may notice that the files have a funny ownership, but you may safely leave that for now (it is fixed in a later step). # cd /opt/zope # less README.txt doc/INSTALL.txt doc/*.txt Step 3/8. Build Zope (PCGI with existing web server setup) ========================================================== Build Zope to use PCGI with an existing web server (Apache in our case), hence use the 'w_pcgi.py' script: # cd /opt/zope # python w_pcgi.py Write down the generated Zope superuser password! The user account info is stored in file '/opt/zope/access' which must have file permission 0600 (but we will come to security settings in the next steps). You can always change the Zope administrator (superuser) password later on the command line (this is explained in section "Zope administration"). Step 4/8. Fix file permissions and ownerships of the Zope tree ============================================================== After unpacking, the Zope tree (/opt/zope) has a few peculiarities. The ownership is uid 506 and group id is 'users'. Furthermore, some directories are group writable. The building process did not fix this. Bring the files more in line with other SuSE program directories, which are often root:root and 0755 for directories c.q. 0644 for files at most. Make the 'var' directory (/opt/zope/var) writable for wwwrun:nogroup, which is the uid:gid the Apache web server runs as, so Zope.cgi (called by httpd) can write logging info, program pid's and the Zope database itself (Data.fs) there. The 'access' file is also fixed: # chown -Rh root:root /opt/zope # chmod -R og-w /opt/zope # chown -R wwwrun:nogroup /opt/zope/var # chmod 0600 /opt/zope/access # chown wwwrun:nogroup /opt/zope/access Next, change the 'start' script (save a backup first), to make sure the Zope server is started as user wwwrun:nogroup, just like the Apache web server (option '-u' is used for this). Also remove the debug option ('-D'). Be sure to fully copy and paste the cat command, ie. upto and including the end-of-script (_EOS) marker or just start an editor and copy the stuff between 'cat << ...' and '_EOS': # mv /opt/zope/start /opt/zope/start.orig # cat <<'______EOS' > /opt/zope/start #! /bin/sh reldir=`dirname $0` PYTHONHOME=`cd $reldir; pwd` export PYTHONHOME exec /usr/bin/python $PYTHONHOME/z2.py -u wwwrun "$@" ______EOS # chown root:root /opt/zope/start # chmod 0711 /opt/zope/start Create a symlink from /var/log/zope to /opt/zope/var, so you can use a 'tail -f /var/log/zope/*.log /var/log/httpd*log /var/log/httpd/*log' to monitor zope and web log files: # ln -s /opt/zope/var /var/log/zope Finally, verify that there are no setuid or setgid files (always a safe precaution): # find /opt/zope \ -type f \( -perm -04000 -o -perm -02000 \) -exec ls -lg {} \; Step 5/8. Create a cgi-bin directory for Zope.cgi ================================================= Create a special cgi-bin directory for Zope.cgi, because the default cgi-bin directory does not allow cgi scripts to execute ('Options None' in /etc/httpd/httpd.conf of SuSE Linux 6.3 and 6.4). Instead of adding an 'Options +ExecCGI' to the generic cgi-bin directory and thus possibly creating a security hole, we therefore create a special zope-cgi-bin directory (and add 'ExecCGI' later, when we edit the Apache config file). Use the same ownership (root:root) and permission (0755) as the other cgi-bin directory: # mkdir /usr/local/httpd/zope-cgi-bin # chown root:root /usr/local/httpd/zope-cgi-bin # chmod 0755 /usr/local/httpd/zope-cgi-bin For the <VirtualHost> virtual.yourdomain.tld, do (note: a base directory '/home/www/<virtual-host>' is assumed in the rest of this document for all your virtual hosts, if any): # mkdir /home/www/virtual.yourdomain.tld/zope-cgi-bin # chown root:root /home/www/virtual.yourdomain.tld/zope-cgi-bin # chmod 0755 /home/www/virtual.yourdomain.tld/zope-cgi-bin Copy Zope.cgi to the specially created zope cgi-bin directory: # cp -p /opt/zope/Zope.cgi /usr/local/httpd/zope-cgi-bin/. For the <VirtualHost> 'virtual.yourdomain.tld', do: # cp -p /opt/zope/Zope.cgi /home/www/virtual.yourdomain.tld/zope-cgi-bin/. Make sure Zope.cgi has the same ownership (root:root) and permission (0755) as the cgi scripts in /usr/local/httpd/cgi-bin/. Step 6/8. Configure Apache for Zope with PCGI ============================================= Now that Zope is built and installed, we have to configure the Apache web server (httpd) so that Zope can be used (via PCGI). Furthermore, we want to make sure Zope is started after a system reboot. We already copied Zope.cgi to the cgi-bin directory. As always, begin with making a copy of the Apache config file in case you need to rollback: # cp -p /etc/httpd/httpd.conf /etc/httpd/httpd.conf.bak First add an entry for the zope-cgi-bin directory we created above. Either do this globally, or for specific virtual hosts (in our case for the <VirtualHost> 'virtual.yourdomain.tld'). In the Apache web server configuration file (/etc/httpd/httpd.conf) locate 'ScriptAlias /cgi-bin/' and '<Directory "/usr/local/httpd/cgi-bin">' and add the zope-cgi-bin entries (add the '==> Add this' piece). ===> For the global configuration: [---- Begin file (fragment): /etc/httpd/httpd.conf ----] # ... Notes about ScriptAlias ... ScriptAlias /cgi-bin/ "/usr/local/httpd/cgi-bin/" # ... The regular cgi-bin directory: <Directory "/usr/local/httpd/cgi-bin"> # ... with very restrictive 'Options None' ... </Directory> # ==> Add this: # Zope.cgi is located in it's own zope-cgi-bin, because ExecCGI # permission is needed, which is not (by default) enabled in SuSE # Linux 6.3 and 6.4 for the regular cgi-bin directory. ScriptAlias /zope-cgi-bin/ "/usr/local/httpd/zope-cgi-bin/" <Directory "/usr/local/httpd/zope-cgi-bin"> AllowOverride None Options None Options +ExecCGI Order allow,deny Allow from all </Directory> # ==> End: zope-cgi-bin <== [------ End file (fragment): /etc/httpd/httpd.conf ----] ===> For the <VirtualHost> 'virtual.yourdomain.tld' configuration: [---- Begin file (fragment): /etc/httpd/httpd.conf ----] # ... Notes about ScriptAlias ... ScriptAlias /cgi-bin/ "/home/www/virtual.yourdomain.tld/cgi-bin/" # ... The regular cgi-bin directory: <Directory "/home/www/virtual.yourdomain.tld/cgi-bin"> # ... with very restrictive 'Options None' ... </Directory> # ==> Add this: # Zope.cgi is located in it's own zope-cgi-bin, because ExecCGI # permission is needed, which is not (by default) enabled in SuSE # Linux 6.3 and 6.4 for the regular cgi-bin directory. ScriptAlias /zope-cgi-bin/ "/home/www/virtual.yourdomain.tld/zope-cgi-bin/" <Directory "/home/www/virtual.yourdomain.tld/zope-cgi-bin"> AllowOverride None Options None Options +ExecCGI Order allow,deny Allow from all </Directory> # ==> End: zope-cgi-bin <== [------ End file (fragment): /etc/httpd/httpd.conf ----] Next configure Apache to pass authentication headers to Zope. Add these lines to the _bottom_ of the Apache web server configuration file (/etc/httpd/httpd.conf) and/or to the _bottom_ of every virtual host you might have (enclosed in <VirtualHost>) and that you want to use Zope for (in our case for the <VirtualHost> 'virtual.yourdomain.tld'). Note that mod_rewrite must be loaded (default it is in SuSE Linux 6.3/6.4). ===> For the global configuration: [---- Begin file (fragment): /etc/httpd/httpd.conf ----] # Zope PCGI. # Final rewrite rules to ensure that '/' is served by Zope. # These must be the _last_ lines in the Apache httpd.conf file, or, # if that is appropiate, at the bottom of every <VirtualHost> you # wish to use Zope for. The order of the rules is significant! # To facilitate the migration of static content (*.html files in # /usr/local/httpd/htdocs) into Zope, it is served as /static/. RewriteEngine on # Remove the next 2 rules if migration of static content is done or # if you start with Zope from scratch and do not have html files yet. RewriteRule ^/static/(.*) /usr/local/httpd/htdocs/$1 [l] RewriteRule ^/cgi-bin/(.*) /usr/local/httpd/cgi-bin/$1 \ [e=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l] # Ensure the documentroot '/' is served by Zope and Apache passes # authentication headers to Zope as well. Zope.cgi is located in it's # own /zope-cgi-bin/ directory for security reasons ('Options +ExecCGI'). RewriteCond %{HTTP:Authorization} ^(.*) RewriteRule ^(.*) /usr/local/httpd/zope-cgi-bin/Zope.cgi$1 \ [e=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l] [------ End file (fragment): /etc/httpd/httpd.conf ----] ===> For the <VirtualHost> 'virtual.yourdomain.tld' configuration: [---- Begin file (fragment): /etc/httpd/httpd.conf ----] # Zope PCGI with at the of <VirtualHost> 'virtual.yourdomain.tld. # Final rewrite rules to ensure that '/' is served by Zope. # These must be the _last_ lines in the Apache httpd.conf file, or, # if that is appropiate, at the bottom of every <VirtualHost> you # wish to use Zope for. The order of the rules is significant! # To facilitate the migration of static content (*.html files in # /home/www/virtual.yourdomain.tld/htdocs) into Zope, it is served as /static/. RewriteEngine on # Remove the next 2 rules if migration of static content is done or # if you start with Zope from scratch and do not have html files yet. RewriteRule ^/static/(.*) /home/www/virtual.yourdomain.tld/htdocs/$1 [l] RewriteRule ^/cgi-bin/(.*) /home/www/virtual.yourdomain.tld/cgi-bin/$1 \ [e=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l] # Ensure the documentroot '/' is served by Zope and Apache passes # authentication headers to Zope as well. Zope.cgi is located in it's # own /zope-cgi-bin/ directory for security reasons ('Options +ExecCGI'). RewriteCond %{HTTP:Authorization} ^(.*) RewriteRule ^(.*) /home/www/virtual.yourdomain.tld/zope-cgi-bin/Zope.cgi$1 \ [e=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l] [------ End file (fragment): /etc/httpd/httpd.conf ----] Notes: a) The order of the rules is important and allows you to keep static html files (default in directory entry <Directory "/usr/local/httpd/htdocs">) and have them served as: http://www.yourhost.tld/static/* which allows a gradual zope-ing of your static content into Zope served content. In this setup Zope serves the root (http://www.yourhost.tld/). If, however, you start from scratch and do not have old static content, remove RewriteRule's '^/static/(.*)' and '^/cgi-bin/(.*)'. b) Note the intentional omission of trailing slashes in the last rule. If you use '^/(.*)' and 'Zope.cgi/$1' instead of '^(.*)' and 'Zope.cgi$1', respectively, you would have trouble deleting objects in the root folder. Furthermore, all html served by Zope would have an extra slash at the beginning ('//index.html' etc.), as can be verified by inspecting the log file '/opt/zope/var/Z2.log'. c) Replace '/usr/local/httpd/htdocs/' and/or '/usr/local/httpd/cgi-bin/' with appropiate locations if you changed SuSE's defaults and/or added virtual hosts for which you use Zope as well. d) If your Apache server does not support line splitting with '\', then every Rewrite* statement must be on one (1) line. e) The last character in some RewriteRule's ('[l]', ',l]') is the letter l, not the digit 1. You may restart Apache at this moment, just to verify that the httpd.conf is parsed ok, but realize that Zope is not running yet! If you want to be on the safe side, goto the next step. If you do want to restart Apache, keep a sharp lookout on the log files with 'tail -f' in a separate window: # tail -f /var/log/httpd.access_log /var/log/httpd/* and then restart the Apache server: # rcapache restart Undo the changes (using the backup '/etc/httpd/httpd.conf.bak') if strange things happen. Step 7/8. Create start/stop Zope rc script and verify Zope ========================================================== Using the rc skeleton script, /sbin/init.d/skeleton, as a starting point, create the Zope rc script, listed next. Be sure to fully copy and paste the cat command, ie. upto and including the end-of-script (_EOS) marker or just start an editor and copy the stuff between 'cat << ...' and '_EOS': # cat <<'______EOS' > /sbin/init.d/zope #! /bin/sh # Copyright (c) 1995-2000 SuSE GmbH Nuernberg, Germany. # # Author: Eric Maryniak <e.maryniak@pobox.com>, 2000-06-16. # # /sbin/init.d/zope # # and symbolic links: # # /usr/sbin/rczope # /sbin/init.d/rc2.d/K20apache # /sbin/init.d/rc2.d/S20apache # /sbin/init.d/rc3.d/K20apache # /sbin/init.d/rc3.d/S20apache # # Zope rc start/stop script for SuSE Linux 6.3 and 6.4. # The Zope base directory is assumed to be: /opt/zope # More information about Zope at the Zope web site: # # http://www.zope.org/ # . /etc/rc.config # Determine the base and follow a runlevel link name. base=${0##*/} link=${base#*[SK][0-9][0-9]} # Force execution if not called by a runlevel directory. test $link = $base && START_ZOPE=yes test "$START_ZOPE" = yes || exit 0 # The echo return value for success (defined in /etc/rc.config). return=$rc_done # The Zope base directory. zope_base=/opt/zope # The main Zope process id (Z2 pid) file. # This should be /var/run under SuSE Linux. # However, because the z2.py process is running as wwwrun and # Z2.pid has ownership wwwrun, z2.py cannot write to /var/run. # So we keep Zope's default (./var). zope_pid=$zope_base/var/Z2.pid # The Zope access file. zope_access=$zope_base/access # The Apache config file (if any). apache_config=/etc/httpd/httpd.conf case "$1" in start) ## Start Zope with the Zope start script '/opt/zope/start', ## unless it is already running (checked with 'checkproc'). ## If this fails, the echo return value is set appropriately. echo -n "Starting service Zope (z2.py):" checkproc -f $zope_pid /usr/bin/python 1>/dev/null 2>/dev/null if [ $? -eq 0 ]; then # Zope is still running. Do not start a second instance. return=$rc_failed else # Zope is not running (anymore). It is safe to try to start. ( /opt/zope/start 2>/dev/null & ) || return=$rc_failed fi echo -e "$return" ;; stop) ## Stop Zope with the Zope stop script '/opt/zope/stop'. ## If this fails, the echo return value is set appropriately. echo -n "Shutting down service Zope (z2.py):" /opt/zope/stop 2>/dev/null || return=$rc_failed echo -e "$return" ;; restart) ## Stop Zope and if that goes ok, start Zope. ## In either case, the echo return value is set appropriately. $0 stop && $0 start || return=$rc_failed ;; reload) ## Implement a reload as a restart, because the Zope scripts ## and Zope server do not seem to accept a SIGHUP signal to ## reread a (changed) configuration. $0 stop && $0 start || return=$rc_failed ;; status) ## Check Zope status with checkproc(8). ## If the process is running, checkproc exits with code 0. echo -n "Checking for service Zope (z2.py): " checkproc -f $zope_pid /usr/bin/python 1>/dev/null 2>/dev/null [ $? -eq 0 ] && echo OK || echo No process ;; probe) ## Probe for the necessity of a start, restart or reload and ## give out the argument which is required for the applicable ## action (if any). The idea is that you can always safely do: ## rczope `rczope probe` ## If there is nothing to do, or if there is an error condition, ## output will go to stderr, so the command will still work. # Check Zope status with checkproc(8) and save the result. checkproc -f $zope_pid /usr/bin/python 1>/dev/null 2>/dev/null [ $? -eq 0 ] && zope_runs=1 || zope_runs=0 # Zope needs a restart if the access file has been changed. # Thus, test if the access file is newer (-nt) than the pid file. # First test if the access file is present and if Zope is running. # Finally, also suggest a restart if the Apache configuration file, # if present, is newer (ie. has changed) than the pid file. # This is a conservative approach: most of the time a Zope restart # is probably not necessary, but the RewriteCond-ition(s) and/or # RewriteRule-(s) for Zope may have changed. if [ ! -e $zope_access ]; then echo "error: no access file ($zope_access); unable to probe." \ > /dev/stderr elif [ ! -e $zope_pid ]; then echo start elif [ $zope_runs -eq 0 ]; then echo start elif [ $zope_access -nt $zope_pid ]; then echo restart elif [ -e $apache_config ]; then if [ $apache_config -nt $zope_pid ]; then echo restart fi fi ;; *) echo "Usage: $0 {start|stop|restart|reload|status|probe}" \ > /dev/stderr exit 1 ;; esac # Inform the caller verbosely and set an exit status as well. test "$return" = "$rc_done" || exit 1 exit 0 ______EOS Next, fix permissions and ownerships: # chmod 0744 /sbin/init.d/zope # chown root:root /sbin/init.d/zope And create symbolic links. Also note the handy '/usr/sbin/rczope', which is SuSE specific. You have an rc<service> for all services (rcapache, rcmysql, rcsmb, etc.). I use it often, if not exclusively. Number 20 is somewhat arbitrary, but Apache has 20 as well, so Zope will be started shortly after Apache (/sbin/init.d/apache). # cd /sbin/init.d/rc2.d && ln -s ../zope K20zope; \ cd /sbin/init.d/rc2.d && ln -s ../zope S20zope; \ cd /sbin/init.d/rc3.d && ln -s ../zope K20zope; \ cd /sbin/init.d/rc3.d && ln -s ../zope S20zope # cd /usr/sbin && ln -s ../../sbin/init.d/zope rczope I wonder why SuSE uses these relative links (../) so extensively; it has probably to do with mount points when installing a new system (mount on /mnt, so /sbin is /mnt/sbin). Anyways, finish up with making /etc/rc.config (and thus YaST!) Zope aware (do a grep first, to prevent multiple entries). Be sure to fully copy and paste the grep/cat command, ie. upto and including the end-of-script (_EOS) marker or just start an editor and copy the stuff between 'grep ...' and '_EOS': # grep -q START_ZOPE /etc/rc.config || cat <<'______EOS' >> /etc/rc.config # # Should Zope be started at bootup? (yes/no) # # Zope is the leading Open Source web application server. # Zope enables teams to collaborate in the creation and management of # dynamic web-based business applications such as intranets and portals. # Zope makes it easy to build features such as site search, news, # personalization, and e-commerce into your web applications. # (Quoted from www.zope.org on 2000-06-14). # START_ZOPE=yes ______EOS Now we can restart Apache and start Zope: # rcapache restart # rczope start Simultaneously, keep a sharp lookout on the log files: # tail -f /var/log/httpd.access_log /var/log/httpd/* /var/log/zope/*.log Start a browser and see if you get the Zope welcome page! If strange things happen, rollback to backupped configuration files or undo changes. Step 8/8. Zope administration ============================= Once Zope is started, you can administer Zope with a locally started frames-capable web browser (such as Netscape) from this URL: http://localhost/manage You may get a warning: Alert!: Access without authorization denied -- retrying But then the prompt: Username for 'Zope' at server 'localhost': superuser Password: XXXXXXXX Alternatively, you can administer Zope from a non-local host, provided the host is a member of the domain (*.yourdomain.tld) to which the access is restricted. Changing the Zope adminstrator password. The Zope administrator account is used, amongst other things, to create Zope users. One of the first things to do is change the password and add domain restriction. You can change the Zope administrator ('superuser') password from the command line with: # /usr/bin/python /opt/zope/zpasswd.py /opt/zope/access Use at least 8 characters for a password, of which at least two (2) should be non-alfanumerical, and SHA encrypting: [==== Begin dialog: /opt/zope/zpasswd.py (password change) ====] Username: superuser Password: Vefify password: Please choose a format from: SHA - SHA-1 hashed password CRYPT - UNIX-style crypt password CLEARTEXT - no protection. Encoding: sha Domain restrictions: *.yourdomain.tld [====== End dialog: /opt/zope/zpasswd.py (password change) ====] You can now enter use the management screen to add users, etc. The access file, /opt/zope/access, must be 0600 and wwwrun:nogroup, ie. the same ownership as the web server (httpd), that, in our case, calls the Zope.cgi wrapper. After a password change, you need to restart Zope, as an 'rczope probe' will tell you: # rczope probe restart Shortcuts for restarting Zope and Apache are: # rczope restart # rcapache restart Note that 'rczope' is a symlink to '/sbin/init.d/zope'. Apart from the usual 'start', 'stop' and 'restart' signals, a status and probing signal is also supported: # rczope status # rczope probe The idea of a probe is that is it always safe to: # rczope `rczope probe` Installing additional Zope products (zproducts) is simply done by unpacking them into the Zope base directory: /opt/zope Final trivia ============ After you have moved the static content (html files) into Zope, remove the RewriteRule's '^/static/(.*)' and '^/cgi-bin/(.*)' in the Apache config file (/etc/httpd/httpd.conf) and restart Apache. Remove the html files themselves as well after verifying that they have been incorporated into Zope succesfully. Be sure not to remove the SuSE online help info: it is best to put that in a virtual host. =========================================================================== Bye-bye, Eric Maryniak -- Eric Maryniak <e.maryniak@pobox.com> Home page: http://pobox.com/~e.maryniak/ University of Amsterdam, Department of Psychology. Tel/Fax: +31 20 5256853/6391656. Internet: http://www.neuromod.org/ There's no future in time travel. -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/