[Zope] Zope security and packing the database

Cameron Beattie kjcsb at orcon.net.nz
Tue Oct 11 20:42:42 EDT 2005 

>> I have created a script based on zope_pack from the Zope book which 
>> allows a username and password to be specified when it is called. I wish 
>> to create a user specifically for this purpose that only has the ability 
>> to pack the ZODB.
>
> What permission is ZODB packing protected by?

I don't know. That's part of the problem. I can't see any permissions that 
allow or disallow this.
>
>> granted the backup role all available permissions. But the user can't 
>> login to http://mydomain.com/Control_Panel/Database/main/manage_workspace
>
> I don't know what zope_pack looks like, can you show us?
vi zope_pack
#!/usr/bin/python
import sys, urllib
host = sys.argv[1]
days = sys.argv[2]
user = sys.argv[3]
pwd  = sys.argv[4]

class MyUrlOpener(urllib.FancyURLopener):
        def prompt_user_passwd(self, host, realm):
                return (user,pwd)
        def __init__(self, *args):
                self.version = "Zope Packer"
                urllib.FancyURLopener.__init__(self, *args)

def main():
        urllib._urlopener = MyUrlOpener()
        url = "%s/Control_Panel/Database/manage_pack?days:float=%s" % \
                (host, days)
        try:
                f = urllib.urlopen(url).read()
        except IOError:
                print "Cannot open URL %s, aborting" % url
        print "Successfully packed ZODB on host %s" % host
if __name__ == '__main__':
        main()

> What error message do you get?

If I use a user that has the Owner role it works correctly.

If I use the backup user then urllib can't get the url due to no 
authentication so errors as follows:
  File "/usr/lib/python2.4/urllib.py", line 180, in open
    return getattr(self, name)(url)
  File "/usr/lib/python2.4/urllib.py", line 305, in open_http
    return self.http_error(url, fp, errcode, errmsg, headers)
  File "/usr/lib/python2.4/urllib.py", line 318, in http_error
    result = method(url, fp, errcode, errmsg, headers)
  File "/usr/lib/python2.4/urllib.py", line 615, in http_error_401
    return getattr(self,name)(url, realm)
  File "/usr/lib/python2.4/urllib.py", line 628, in retry_http_basic_auth
    return self.open(newurl)

> Any tracebacks?
>
Nothing appears in the log.
>
> PS: I wouldn't do zodb packing by whacking a url. There's a script that 
> scripts with ZOpe now that opens up a ZEO connection and does the pack 
> that way, that's what I'd do...
>
I don't use ZEO - can I just do the scripted packing bit without all the 
associated ZEO setup?

Regards

Cameron

More information about the Zope mailing list