Dieter Maurer wrote:
Nikko Wolf wrote at 2005-6-7 14:25 -0600:
- I do not want ANY access by unauthorized users. Obviously they must be able to reach a login page, and get instructions on how to request an account, password reset, etc.
Put all content in a subfolder of your site and remove "View" and "Access contents information" from "Anonymous".
I have a Plone instance named "/Home" -- do you mean that or a subfolder of it? But of course, this killed my entire Plone installation. I did as you suggested but (in hindsight stupidly!) did not ensure that anyone else had permissions to "View" and "Access contents information" -- so even logged in as a Manager I could not access the "/Home" folder -- including the Security tab where I would go to fix the problem. Which seems like a design flaw, but.... Fortunately, http://www.zope.org/Documentation/Misc/SECURITY.txt/view explains about using the emergency user via "zpasswd.py" script, so I fixed things but not until after a good bit of elevated blood pressure and a lot of profanity. But this brings me to an issue I found weeks ago. Whilst trying to restrict access, I find that with an non-manager user: http://myhost.com:8080/Home/ --- shows the root Plone page just as desired http://myhost.com:8080/Home --- shows an "insufficient privileges" page (note the lack of a trailing slash). Any one have ideas why this is, or how to fix this? Regards, Nikko