SETUID reSTified

doc/SETUID.txt

 Zope effective user support
+===========================
 
-  Zope can bind its network service to low ports such as 21 (FTP) and
-  80 (HTTP).  In order to bind to low ports, Zope must be started as
-  the root user.  However, Zope will only run as root long enough to
-  bind to these low ports.  It will then attempt to setuid to a less
-  privileged user.
+Zope can bind its network service to low ports such as 21 (FTP) and
+80 (HTTP).  In order to bind to low ports, Zope must be started as
+the root user.  However, Zope will only run as root long enough to
+bind to these low ports.  It will then attempt to setuid to a less
+privileged user.
 
-  You must specify the user to which Zope will attempt to setuid by
-  changing the 'effective-user' parameter in the zope.conf
-  configuration file to an existing username or UID.  All runtime
-  files will be written as this user.  If you do not specify an
-  'effective-user' in the configuration file, and you attempt to start
-  Zope, it will refuse to start.
+You must specify the user to which Zope will attempt to setuid by
+changing the 'effective-user' parameter in the zope.conf
+configuration file to an existing username or UID.  All runtime
+files will be written as this user.  If you do not specify an
+'effective-user' in the configuration file, and you attempt to start
+Zope, it will refuse to start.
 
-  Zope additionally emits a warning if you specify 'nobody' as the
-  'effective-user'.  The rationale for this warning stems from the
-  fact that, historically, many other UNIX services dropped privileges
-  to the 'nobody' account after starting as root.  Any security
-  defects in these services could cause someone to gain access as the
-  'nobody' account on your system.  If someone was to gain control of
-  your 'nobody' account they could compromise your Zope files.
+Zope additionally emits a warning if you specify 'nobody' as the
+'effective-user'.  The rationale for this warning stems from the
+fact that, historically, many other UNIX services dropped privileges
+to the 'nobody' account after starting as root.  Any security
+defects in these services could cause someone to gain access as the
+'nobody' account on your system.  If someone was to gain control of
+your 'nobody' account they could compromise your Zope files.
 
-  The most important thing to remember about effective user support is
-  that you don't have to start Zope as root unless you want to listen
-  for requests on low ports (ports beneath 1024).  In fact, if you
-  don't have this need, you are much better off just starting Zope
-  under a dedicated user account.
+The most important thing to remember about effective user support is
+that you don't have to start Zope as root unless you want to listen
+for requests on low ports (ports beneath 1024).  In fact, if you
+don't have this need, you are much better off just starting Zope
+under a dedicated user account.
 

doc/index.txt

@@ -13,6 +13,7 @@ Contents:
    CHANGES.txt
    INSTALL.txt
    ZOPE3.txt
+   SETUID.txt
 
 Indices and tables
 ==================