[Zope] Security and Acquisition

Charlie Wilkinson cwilkins@boinklabs.com
Thu, 9 Nov 2000 11:50:38 -0500


Greetings,
I know this is a very busy list, but I'm hoping someone can take a moment to
address this.  I had posted about this on Zope-dev because I'm running the
CVS version, but no response.  Also more research has yielded more info.
I first discovered this issue with LoginManager, but the same problem
occurs with standard acl_users too.

First, 'Figure 1:'

/ (Root Folder)
	/ acl_test (ACL Test Folder)
		acl_users (User Folder)
		index_html (Test Document)

Now, referring to figure 1 (above :-), changes to security settings
for the acl_test folder are having no effect on access to index_html.
Only when I change the security settings on index_html itself, can I
control access to it.

So what this seemingly boils down to is that as of v2.2.whatever,
an acl_users folder does not protect its siblings and their kids by
acquisition of security settings from the parent folder.  Instead,
sibling objects must have their security explicitly set.  Meaning that
instead of setting permissions on the parent object and being done
with it, one now has to set permissions for each and every sibling.
In my case that's over 50 objects and I'm not done coding yet.  Ouch!
This *can't* be right, can it?

Thanks for any clues,
		Charlie

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            Charlie Wilkinson - cwilkins@boinklabs.com - N3HAZ
Parental Unit, UNIX Admin, Homebrewer, Cat Lover, Spam Fighter, HAM, SWLer...
    Visit the Radio For Peace International Website: http://www.rfpi.org/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            CLOBBER INTERNET SPAM:  See!! <http://spam.abuse.net/>        
                                   Join!! <http://www.cauce.org/>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
QOTD:
"Bush is a big corporation disguised as a human being running for president."
	-- Ralph Nader on David Letterman (9/28/00)