Just a little near-death experience I had here... In a CMF site, thus in an acl_users not at the root, the CMF administrator had a Manager account. This administrator created all the site, skins, and so on. He also has an account at the root, with the same password. Now came the time for a cleanup, and deletion of the unneeded account in CMF. Then everything went weird, the site mostly worked but acquisition seemed to not find things, ZopeSecurityPolicy failed in validate (for instance if I put standard_html_header besides the object I accessed it worked, but if I left it in the skins it didn't)... It finally dawned on me that all the skins and so on were owned by the now nonexistent admin in the sub-acl_users, and that this caused all those problems. I re-added him. I probably could have "taken ownership" of all skins and CMF machinery from the admin at the root but I wanted to play it safe. Florent -- Florent Guillaume, Nuxeo (Paris, France) +33 1 40 33 79 10 http://nuxeo.com mailto:fg@nuxeo.com
Hi!
It finally dawned on me that all the skins and so on were owned by the now nonexistent admin in the sub-acl_users, and that this caused all those problems.
I re-added him. I probably could have "taken ownership" of all skins and CMF machinery from the admin at the root but I wanted to play it safe.
We had that kind of problem some time ago, just right before a product shipment. It drove us crazy. Maybe it should be documented somewhere. Or even better (though probably a little bit harder to do): When a user is deleted, there should be a warning if he still owns stuff. Joachim
Something I'd like to figure out when I have time is, why does the security machinery fail in such ways when the object is not owned by a valid user ? Florent
It finally dawned on me that all the skins and so on were owned by the now nonexistent admin in the sub-acl_users, and that this caused all those problems.
I re-added him. I probably could have "taken ownership" of all skins and CMF machinery from the admin at the root but I wanted to play it safe.
We had that kind of problem some time ago, just right before a product shipment. It drove us crazy. Maybe it should be documented somewhere. Or even better (though probably a little bit harder to do): When a user is deleted, there should be a warning if he still owns stuff. -- Florent Guillaume, Nuxeo (Paris, France) +33 1 40 33 79 10 http://nuxeo.com mailto:fg@nuxeo.com
Florent Guillaume writes:
Something I'd like to figure out when I have time is, why does the security machinery fail in such ways when the object is not owned by a valid user ? The effective roles are the intersection of the current user's roles and the one of the executing object's owner. This is explained in the Zope Security documentation (--> zope.org).
A non-existing owner has no roles. The intersection is empty. Consequence "Unauthorized". Dieter
Something I'd like to figure out when I have time is, why does the security machinery fail in such ways when the object is not owned by a valid user ? The effective roles are the intersection of the current user's roles and the one of the executing object's owner. This is explained in the Zope Security documentation (--> zope.org).
Ah, ok, I found the reason. Here it is for others interested: http://www.zope.org//Members/jim/ZopeSecurity/ServerSideTrojan The notion of owner was introduced in Zope 2.2 just for this. Florent -- Florent Guillaume, Nuxeo (Paris, France) +33 1 40 33 79 10 http://nuxeo.com mailto:fg@nuxeo.com
participants (3)
-
Dieter Maurer -
Florent Guillaume -
Joachim Werner