[Zope] Re: superuser confusion

Chris McDonough chrism@digicool.com
Mon, 4 Sep 2000 15:37:53 -0400 (EDT)


On Mon, 4 Sep 2000, Chris Withers wrote:

> > Well, I think the real problem is that the account that you use to
> > "bootstrap" Zope is named "superuser".  If it was named something else
> > like "bootstrapuser" or "fixupuser" or something, I doubt you'd wonder why
> > it couldn't own anything.
> 
> Well, okay, let me rephrase the question:
> Why is it bad for the bootstrap user to own anything?
> It used to be considered okay before Zope 2.2, so was has been
> changed/discovered that makes this now such a bad idea that despite
> loads of newbie pain and confusion, it's still worth while/necessary?

I've got to say I agree with you here.  I'm still not 100% sure why the
superuser or bootstrap user can't own anything.  The argument for
protecting the user against himself by making this so is something I had a
rough time rationalizing in that document.  I suppose there's the argument
for having a meaningful audit trail when things go wrong (instead of
superuser hosing your site, it'd be "chrism").  But this is also a
rationalization.  I guess the ultimate answer is "shrug."

I'm certainly not even going to think of trying to tear apart the code
that makes it that way (nevermind the flamefest it would cause). Rather,
to ameliorate the situation, Zope should prompt the installer to define a
separate management user at setup.

> 
> > > Come to thing of it, is there a concise description anywhere of what the
> > > new rules are WRT to ownership, the logged in user and how 'code' of all
> > > the various types is executed?
> > 
> > What isn't covered in that document that you'd like to know?
> 
> Urm, again, no offence ('cos I think the book is aimed at a different
> audience) but the keyword for me was 'concise'. I did have a look at the
> document above, but didn't read it 'cos it looked about 10 pages long
> :-(
> 
> I'm looking for something closer to 10 _lines_ long, but that may not be
> possible ;-)

No.  But the document is divided into sections, and one of those sections
regards ownership.

Chris McDonough
Digital Creations, Publishers of Zope
http://www.zope.org