RE: Superuser ownership (was "Adding LoginManager at the root")
-----Original Message-----
From: Phillip J. Eby [mailto:pje@telecommunity.com]
Sent: Tuesday, May 16, 2000 12:58 PM
To: Tres Seaver; Kevin Dangoor
Cc: zope-dev@zope.org; Zope-PTK@zope.org
Subject: Superuser ownership (was "Adding LoginManager at the root")
At 11:25 AM 5/16/00 -0400, Tres Seaver wrote:
Hmm, LoginManager might be able to exploit the "revert to unowned" behavior of objects belonging to former users:
* Create a temporary user temporarily;
* Assign it to REQUEST.AUTHENTICATED_USER;
* Construct the DTML Methods;
* Delete the user.
Oops, nope, this still won't work, because then the superuser won't be able to call those DTML Methods to add users (I think). Maybe leaving the "cruft" user in place is sensible, except that (for instance) it presents the same kind of problem as the recent piranha mess (default passwords). We could pass in the id and password of the new manager in the constructor form, I guess.
Maybe I'm missing something, but couldn't all this be solved by having objects created by the superuser always be owned by "nobody" with respect to ownership (not owner-role)? Wouldn't that fix this entire issue (and many others we probably haven't thought of yet)?
Nope, because objects owned by 'nobody' would be almost useless -- the intersection of nobody's permissions with any other users' is an empty set.

==========================================================
Tres Seaver
Digital Creations
tseaver@digicool.com