[Zope] acl_users

Manfred Milhofer mmilhofer@uk.cintra.com
Wed, 27 Nov 2002 11:48:10 -0000


This is a multi-part message in MIME format.

------_=_NextPart_001_01C2960A.DBE8F190
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

Hi Tino

Thanks for the reply. I didn't use zpasswd.py, I used the web interface
but I added a user in the root acl_users folder, which according to
other replies I received was not a good idea!

I'll try the suggestion that several people made to create a new
acl_users folder at the level I wish to secure.

Thanks to all who replied.

Manfred
-----Original Message-----
From: Tino Wildenhain [mailto:tino@wildenhain.de]
Sent: 26 November 2002 20:05
To: Manfred Milhofer; zope@zope.org
Subject: Re: [Zope] acl_users


Hi Manfred,

--On Dienstag, 26. November 2002 17:23 +0000 Manfred Milhofer=20
<mmilhofer@uk.cintra.com> wrote:

>
> Hi
>
> I'm having problems creating a new user in Zope. I want to allow a
user
> access to one folder only, so my thinking was;   - create a new user
in
> acl_users and grant 'manager' role
>  - grant access on said folder to manager
> However, simply adding the new user changes the password for the admin
> user as well, so i have to resort to a backup to continue (with no new
> user!).
>
> I'm obviously being very dim - I've tried searching the list but can't
> find anything, any help gratefully received.

Uh oh ;) You probably used the zpasswd.py for creating the second user?
Not zpasswd.py is only for resolving the tie loop when initializing
a new Data.fs - to have a user to log in it must be in the
acl_users, which will be in the new Data.fs (beside the emergency user,
which is in a file called "access")
If you have a single user in acl_users or only one user,
calling zpasswd.py inituser and restarting zope causes the
inituser file to be absorbed and the user overwritten/created.

What you want is to log in your Zope using a web browser after
creating _your_ account with zpasswd and then make new users
by adding them in the Browser interface.

In your case give them no Role at all but the local role "manager"
in the desired folder only.

Regards
Tino

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.373 / Virus Database: 208 - Release Date: 01/07/2002
=20

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.373 / Virus Database: 208 - Release Date: 01/07/2002
=20

------_=_NextPart_001_01C2960A.DBE8F190
Content-Type: text/html;
	charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3DWindows-1252">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
6.0.4417.0">
<TITLE>RE: [Zope] acl_users</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->

<P><TT><FONT SIZE=3D2>Hi Tino</FONT></TT>
</P>

<P><TT><FONT SIZE=3D2>Thanks for the reply. I didn't use zpasswd.py, I =
used the web interface but I added a user in the root acl_users folder, =
which according to other replies I received was not a good =
idea!</FONT></TT></P>

<P><TT><FONT SIZE=3D2>I'll try the suggestion that several people made =
to create a new acl_users folder at the level I wish to =
secure.</FONT></TT>
</P>

<P><TT><FONT SIZE=3D2>Thanks to all who replied.</FONT></TT>
</P>

<P><TT><FONT SIZE=3D2>Manfred</FONT></TT>

<BR><TT><FONT SIZE=3D2>-----Original Message-----</FONT></TT>

<BR><TT><FONT SIZE=3D2>From: Tino Wildenhain [<A =
HREF=3D"mailto:tino@wildenhain.de">mailto:tino@wildenhain.de</A>]</FONT><=
/TT>

<BR><TT><FONT SIZE=3D2>Sent: 26 November 2002 20:05</FONT></TT>

<BR><TT><FONT SIZE=3D2>To: Manfred Milhofer; zope@zope.org</FONT></TT>

<BR><TT><FONT SIZE=3D2>Subject: Re: [Zope] acl_users</FONT></TT>
</P>
<BR>

<P><TT><FONT SIZE=3D2>Hi Manfred,</FONT></TT>
</P>

<P><TT><FONT SIZE=3D2>--On Dienstag, 26. November 2002 17:23 +0000 =
Manfred Milhofer </FONT></TT>

<BR><TT><FONT SIZE=3D2>&lt;mmilhofer@uk.cintra.com&gt; =
wrote:</FONT></TT>
</P>

<P><TT><FONT SIZE=3D2>&gt;</FONT></TT>

<BR><TT><FONT SIZE=3D2>&gt; Hi</FONT></TT>

<BR><TT><FONT SIZE=3D2>&gt;</FONT></TT>

<BR><TT><FONT SIZE=3D2>&gt; I'm having problems creating a new user in =
Zope. I want to allow a user</FONT></TT>

<BR><TT><FONT SIZE=3D2>&gt; access to one folder only, so my thinking =
was;&nbsp;&nbsp; - create a new user in</FONT></TT>

<BR><TT><FONT SIZE=3D2>&gt; acl_users and grant 'manager' =
role</FONT></TT>

<BR><TT><FONT SIZE=3D2>&gt;&nbsp; - grant access on said folder to =
manager</FONT></TT>

<BR><TT><FONT SIZE=3D2>&gt; However, simply adding the new user changes =
the password for the admin</FONT></TT>

<BR><TT><FONT SIZE=3D2>&gt; user as well, so i have to resort to a =
backup to continue (with no new</FONT></TT>

<BR><TT><FONT SIZE=3D2>&gt; user!).</FONT></TT>

<BR><TT><FONT SIZE=3D2>&gt;</FONT></TT>

<BR><TT><FONT SIZE=3D2>&gt; I'm obviously being very dim - I've tried =
searching the list but can't</FONT></TT>

<BR><TT><FONT SIZE=3D2>&gt; find anything, any help gratefully =
received.</FONT></TT>
</P>

<P><TT><FONT SIZE=3D2>Uh oh ;) You probably used the zpasswd.py for =
creating the second user?</FONT></TT>

<BR><TT><FONT SIZE=3D2>Not zpasswd.py is only for resolving the tie loop =
when initializing</FONT></TT>

<BR><TT><FONT SIZE=3D2>a new Data.fs - to have a user to log in it must =
be in the</FONT></TT>

<BR><TT><FONT SIZE=3D2>acl_users, which will be in the new Data.fs =
(beside the emergency user,</FONT></TT>

<BR><TT><FONT SIZE=3D2>which is in a file called =
&quot;access&quot;)</FONT></TT>

<BR><TT><FONT SIZE=3D2>If you have a single user in acl_users or only =
one user,</FONT></TT>

<BR><TT><FONT SIZE=3D2>calling zpasswd.py inituser and restarting zope =
causes the</FONT></TT>

<BR><TT><FONT SIZE=3D2>inituser file to be absorbed and the user =
overwritten/created.</FONT></TT>
</P>

<P><TT><FONT SIZE=3D2>What you want is to log in your Zope using a web =
browser after</FONT></TT>

<BR><TT><FONT SIZE=3D2>creating _your_ account with zpasswd and then =
make new users</FONT></TT>

<BR><TT><FONT SIZE=3D2>by adding them in the Browser =
interface.</FONT></TT>
</P>

<P><TT><FONT SIZE=3D2>In your case give them no Role at all but the =
local role &quot;manager&quot;</FONT></TT>

<BR><TT><FONT SIZE=3D2>in the desired folder only.</FONT></TT>
</P>

<P><TT><FONT SIZE=3D2>Regards</FONT></TT>

<BR><TT><FONT SIZE=3D2>Tino</FONT></TT>
</P>

<P><TT><FONT SIZE=3D2>---</FONT></TT>

<BR><TT><FONT SIZE=3D2>Incoming mail is certified Virus =
Free.</FONT></TT>

<BR><TT><FONT SIZE=3D2>Checked by AVG anti-virus system (<A =
HREF=3D"http://www.grisoft.com">http://www.grisoft.com</A>).</FONT></TT>

<BR><TT><FONT SIZE=3D2>Version: 6.0.373 / Virus Database: 208 - Release =
Date: 01/07/2002</FONT></TT>

<BR><TT><FONT SIZE=3D2>&nbsp;</FONT></TT>
<BR>

<BR><TT><FONT SIZE=3D2>---<BR>
Outgoing mail is certified Virus Free.<BR>
Checked by AVG anti-virus system (<A =
HREF=3D"http://www.grisoft.com">http://www.grisoft.com</A>).<BR>
Version: 6.0.373 / Virus Database: 208 - Release Date: 01/07/2002<BR>
</FONT>&nbsp;</TT>
</P>

</BODY>
</HTML>
------_=_NextPart_001_01C2960A.DBE8F190--