Should systemd unit file have User/Group lines?

in the systemd startup unit file described on Automatic Plone (re)starts — Plone Documentation v5.2 , there is no User= or Group= definitions ;
without these lines, plone will be running with the user root

(( in previous versions, there was the plone_buildout and plone_daemon users which were defined and forced when buildout or running plone, but these enforcements have vanished in the more recent versions ))

I just rechecked a small server where I have used the systemd as suggested in the instructions. By having the plone instance housed in the home of a particular user it is run under that user, not root. On my simple test server I have two different users running different instances of Plone. A call to ps aux | grep plone. Will return the plone jobs and the user they are running under.


You can use the effective-user directive provided by p.r.zope2instance and others in your buildout config so that Plone will run as that user. Ex:

recipe = plone.recipe.zope2instance
effective-user = plone

recipe = plone.recipe.zeoserver
effective-user = plone

thank you, i did add the effective-user line but buildout echoed it as deprecated feature ; but maybe i did put it in the wrong buildout section

Plone Foundation Code of Conduct