Problem with buildout


switching back from buildout with mr.developer to a normal buildout (without sources.cfg) I got the following error:

# sudo -u plone_buildout bin/buildout
Updating zeoserver.
Updating client1.
  Updating client1.

An internal error occurred due to a bug in either zc.buildout or in a
recipe being used:
Traceback (most recent call last):
  File "/opt/Plone/buildout-cache/eggs/zc.buildout-1.7.1-py2.7.egg/zc/buildout/", line 1866, in main
    getattr(buildout, command)(args)
  File "/opt/Plone/buildout-cache/eggs/zc.buildout-1.7.1-py2.7.egg/zc/buildout/", line 598, in install
  File "/opt/Plone/buildout-cache/eggs/zc.buildout-1.7.1-py2.7.egg/zc/buildout/", line 798, in _uninstall
  File "/opt/Plone/buildout-cache/eggs/zc.buildout-1.7.1-py2.7.egg/zc/buildout/", line 60, in rmtree
    shutil.rmtree (path, onerror = retry_writeable)
  File "/opt/Plone/Python-2.7/lib/python2.7/", line 252, in rmtree
    onerror(os.remove, fullname, sys.exc_info())
  File "/opt/Plone/buildout-cache/eggs/zc.buildout-1.7.1-py2.7.egg/zc/buildout/", line 57, in retry_writeable
    os.chmod (path, 0600)
OSError: [Errno 1] Operation not permitted: '/opt/Plone/zeocluster/parts/client1/'
*************** PICKED VERSIONS ****************

*************** /PICKED VERSIONS ***************

What's wrong? I don't understand the error message.
Anyone can help?

Thanks a lot,

There is no need to run Plone buildout as user 'root'. Install Plone as normal user
and run buildout as normal user and ensure that the buildout directory is owned
by the related user account. chown is your friend.


Hi Andreas,

I'm running zope as normal user:

# sudo -u plone_buildout bin/buildout

And all the installation have the same rights, as you can see here:

# ll
total 108
drwxr-sr-x  2 plone_buildout plone_group  4096 Sep 29 11:33 Extensions
-rw-r--r--  1 plone_buildout plone_group  3439 Oct  4 12:10 README.html
-rw-------  1 plone_buildout plone_group   431 Oct  4 12:10 adminPassword.txt
-rw-r--r--  1 plone_buildout plone_group  8834 Oct  4 11:49 base.cfg
drwxr-sr-x  2 plone_buildout plone_group  4096 Oct  4 12:08 bin
-rw-r--r--  1 plone_buildout plone_group 10525 Jan  9  2014
-rw-------  1 plone_buildout plone_group  7246 Oct  4 12:08 buildout.cfg
drwxr-sr-x  2 plone_buildout plone_group  4096 Oct  4 12:10 develop-eggs
-rw-r--r--  1 plone_buildout plone_group  4399 Jan  9  2014 develop.cfg
-rw-r--r--  1 plone_buildout plone_group   815 Jan  9  2014 lxml_static.cfg
drwxr-sr-x  5 plone_buildout plone_group  4096 Sep 28 10:26 parts
drwxr-sr-x  2 plone_buildout plone_group  4096 Jan  9  2014 products
-rw-r--r--  1 plone_buildout plone_group   130 Sep 27 14:37 sources.cfg
drwxr-sr-x  4 plone_buildout plone_group  4096 Oct  4 12:08 src
drwxrwx--- 12 plone_buildout plone_group  4096 Sep 28 10:34 var
-rw-r--r--  1 plone_buildout plone_group  9521 Jan  9  2014 versions.cfg
-rw-r--r--  1 plone_buildout plone_group  1022 Jan  9  2014 zope-versions.cfg
-rw-r--r--  1 plone_buildout plone_group  1902 Jan  9  2014 zopeapp-versions.cfg
-rw-r--r--  1 plone_buildout plone_group  2518 Jan  9  2014 ztk-versions.cfg

It worked well before using mr.developer and with mr.developer, but now deleting this special configuration it doesn't work.

In Problem with CMFBibliographyAT and Plone 4.3.11 you are explaining:

In case of a fixed release package you can easily switch back and remove the checkout.

And this is what I done and want.


OK, sorry. You are right. An simply...

[zeocluster]# chown -R plone_buildout:plone_group *

...fixed the problem.


As said: don't use root

I personally do no care about what worked before...there is something called "best practice".
What you are doing is "bad practice".


Hi Andreas,

I don't understand this - can you help me follow the logic, please?

On 04/10/16 12:23, Andreas Jung wrote:

As said: /don't use root/

Surely the command: -

sudo -u plone_buildout bin/buildout actually running as the plone_buildout user, and sudo is only being used to accomplish that, as document in the readme files for the latest versions of the 4.3.x and 5.0.x branches?

I personally do no care about what worked before...there is something
called "best practice".
What you are doing is "bad practice".

Specifically, looking at the readme files for both Plone 4.3.11 and 5.0.6, each one says: -

"Apply settings by running "sudo -u plone_buildout bin/buildout" in your instance directory."

Does this mean that the documentation in the current unified installers is invalid?



No idea what the documentation say, in particular never used the universal installer.
As said: you can install a Plone buildout fine without root permission as long as all system packages are installed.
The system user executing the buildout must not be root. It's convenient being root but then live with the consequences.


So the difference is here:

bad practice:
# sudo -u plone_buildout bin/buildout

best practice:
$ sudo -u plone_buildout bin/buildout


Using the universal installer - and also w/o - best practice is to run buildout vs. to run the instances as two different users. Never as root. Thus the instance user has only write access to buildouts ./var directory while buildout user has write access to the whole buildout directory. This way the hypothetical case of a breach of the isolation of Zope to not write in the file system except in var (zodb, blobs, logs) possible harm is reduced to data and no code can be modified.

I think @zopyx was a bit confused by your sudo and dis not read carefully enough!?

A side comment: Add "buildout.sanitycheck" to your extensions, and it will prevent an accidental run of buildout as root.

extensions =

This is included in the Unified Installer's base buildout.