[Zope] security question

Tres Seaver tseaver@palladion.com
Fri, 17 Mar 2000 17:28:05 -0600 

"Brad Crittenden" <bac@ivc.com> wrote:
> 
> hello:
> 
> for my zope, the root directory is protected so that anonymous users have no
> permissions.  in addition to root, two other users are defined and given the
> role 'internal'.  one of the users has a username/password.  the other
> allows access based upon IP range.  this works as intended.
> 
> i now want to give anonymous users permission to access
> /subfolder/index_html.  this dtml method accesses a database and uses
> LocalFS.
> 
> my first attempt to realize this was to assign the appropriate permissions
> to Anonymous for index_html.  when this failed, i went to the /subfolder
> security and modified permissions there that seemed relevant.  i tried many
> combinations until finally giving up and granting all available permissions
> to Anonymous at the /subfolder and /subfolder/index_html levels.  so now,
> all permissions are checked for 'acquire' and for 'Anonymous'.
> 
> even this does not work!  users attempting to access
> http://myzope/subfolder/index_html are greeted with an authentication
> dialog.
> 
> so, despite the fact that security seems to be a pretty simple concept i
> seem to be missing something fundamental.
> 
> any insight would be appreciated.


Chris Withers <chrisw@nipltd.com> replied:
> 
> > so, despite the fact that security seems to be a pretty simple concept i
> > seem to be missing something fundamental.
> 
> Security is never a simple concept, especially in system as complex as Zope.
> 
> Some decent documentation would help ;-)


The key to figuring this behavior out is understanding how ZPublisher maps
a URL:

 * Split the URI path into a sequence of names

 * From the root, traverse each named object in order (allowing
   it to intercept the traversal, if it wants).  Traversal requires at
   least minimal permissions on the traversed-through object.

 * During traversal, allow the acquisition machinery to operate

 * If the last item traversed to is callable, call it;  otherwise, render
   it.

This works somewhat like permissions on a Unix directory:  you have to have the
executable bit set in order to traverse the directory, and the read bit set in
order to list it.

Hope this helps!

Tres.
-- 
=========================================================
Tres Seaver         tseaver@palladion.com    713-523-6582
Palladion Software  http://www.palladion.com