Buildout makes Plone freezing

Hi
I installed Plone 5.0.4 on a fresh Ubuntu Linux 16.04.1. Everything worked fine, I created several sites. To go public I changed the port 8080 in buildout.cfg to 80 and had to run a buildout with:
$ sudo -u plone_buildout bin/buildout
Since then Plone freezes after a few clicks. In the meantime I upgraded Plone to the following:
Plone 5.0.6 (5016)
CMF 2.2.10
Zope 2.13.24
Python 2.7.12 (default, Nov 19 2016, 06:48:10) [GCC 5.4.0 20160609]
PIL 3.3.0 (Pillow)

The output of the buildout is:
Updating instance.
Updating repozo.
Updating backup.
Updating zopepy.
Updating unifiedinstaller.
Updating precompiler.
Compiling Python files.
Compiling locale files.
Error while compiling /opt/plone/buildout-cache/eggs/python_gettext-3.0-py2.7.egg/pythongettext/tests/test5.po
Error while compiling /opt/plone/buildout-cache/eggs/python_gettext-3.0-py2.7.egg/pythongettext/tests/test_escape.po
Updating setpermissions.
setpermissions: Running # Dummy references to force this to execute after referenced parts
echo /opt/plone/zinstance/var/backups yes > /dev/null
chmod 600 .installed.cfg
# Make sure anything we've created in var is r/w by our group
find /opt/plone/zinstance/var -type d -exec chmod 770 {} ; 2> /dev/null
find /opt/plone/zinstance/var -type f -exec chmod 660 {} ; 2> /dev/null
find /opt/plone/zinstance/var -type d -exec chmod 770 {} ; 2> /dev/null
find /opt/plone/zinstance/var -type f -exec chmod 660 {} ; 2> /dev/null
chmod 754 /opt/plone/zinstance/bin/*
chmod: changing permissions of '/opt/plone/zinstance/bin/buildout': Operation not permitted
Versions had to be automatically picked.
The following part definition lists the versions picked:
[versions]
Products.PloneHotfix20160830 = 1.3
plone.recipe.command = 1.1
plone.recipe.precompiler = 0.6

Any idea how to fix this issue?

Just at a glance, I'd look into issues with Plone 5 on Ubuntu 16.04

Thanks pigeonflight.

I saw "Ubuntu 16.04: Zope instance terminated by SIGSEGV (core dumped)" and worked through it. But I could not see a real solution. I did what jensens proposed in the last post, but my Python (Python 2.7.12) seems newer.

I think the problem looks the same but may be caused by the three errors indicated:
Error while compiling /opt/plone/buildout-cache/eggs/python_gettext-3.0-py2.7.egg/pythongettext/tests/test5.po
Error while compiling /opt/plone/buildout-cache/eggs/python_gettext-3.0-py2.7.egg/pythongettext/tests/test_escape.poandchmod: changing permissions of '/opt/plone/zinstance/bin/buildout': Operation not permitted`

You have a permission issue. Typically this is caused by running buildout, and/or the Plone instance, as root some time and then as a non-root user another time.

chmod: changing permissions of '/opt/plone/zinstance/bin/buildout': Operation not permitted`

This suggests that you ran buildout as root, then later as non-root.

Binding Plone on port :80 is a bad idea IMO. You need to run as root to bind to such a low port. Better to use a proxying http server like nginx which has the proper privilege separation required.

1 Like

Yes of course trying to run on port 80 is the issue. You can safely disregard my "knee-jerk reaction" comment.

Yes indeed! Port 80 is the issue! I switched it back to 8080 and everything runs perfect as before.

I did not expect this behaviour because I ran Plone 3.2.2 on Port 80 for years. Maybe a remark in buildout would prevent other users from this fault?

What about the Virtual Host Monster? It is still there. Is it to be avoid?

I don't think this changed, you may have run your old Plone as root? Binding of ports below 1024 is only allowed for root on Unix systems (not sure about Windows). So even your Plone 3 must have run as root. In later UnifiedInstallers better privilege separation and enhancements to have a user to run the buildout and another to run Plone, were added.

This is still the way to go.

Ports below 1024 are considered privileged, this is assumed networking knowledge. Historically the profile of person who used buildout aligned with that type of knowledge. Maybe this is changing and there's a need to reiterated this information in the documentation.

see: https://www.w3.org/Daemon/User/Installation/PrivilegedPorts.html'

@gyst suggested using some kind of proxy in front of Plone, this is a very common approach, I recommend nginx for a basic site.