[Zope] Security and Acquisition Problem

Charlie Wilkinson cwilkins@boinklabs.com
Thu, 9 Nov 2000 11:01:57 -0500


Greetings,
I had posted about this on Zope-dev because I'm running the CVS version,
but no response there.  Also more research has yielded more info.
I first discovered this issue with LoginManager, but the same problem
occurs with standard acl_users too.

First, 'Figure 1:'

/ (Root Folder)
	/ acl_test (ACL Test Folder)
		acl_users (User Folder)
		index_html (Test Document)

Now, referring to figure 1, changes to security settings for the acl_test
folder are having no effect on access to index_html.  Only when I change
the security settings on index_html itself can I control access to it.

So what this boils down to is that as of v2.2.whatever, an acl_users
folder apparently does not protect the folder it's in (parent folder),
but only its sibling objects and below.  Meaning that instead of setting
permissions on the parent object and being done with it, one now has to
set permissions for each sibling.  In my case that's 50 or more objects
and I'm not done coding yet.  Ouch!  This *can't* be right, can it?
I know there's a lot that's happened with the security model, so I'm
really *really* hoping this is just a bug that's crept in.

Thanks for any clues,
		Charlie

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            Charlie Wilkinson - cwilkins@boinklabs.com - N3HAZ
Parental Unit, UNIX Admin, Homebrewer, Cat Lover, Spam Fighter, HAM, SWLer...
    Visit the Radio For Peace International Website: http://www.rfpi.org/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            CLOBBER INTERNET SPAM:  See!! <http://spam.abuse.net/>        
                                   Join!! <http://www.cauce.org/>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
QOTD:
"Bush is a big corporation disguised as a human being running for president."
	-- Ralph Nader on David Letterman (9/28/00)