[Zope] Overdue comments on 6-1-Security.stx

Chris Withers chrisw@nipltd.com
Mon, 04 Sep 2000 12:16:58 +0100

Chris McDonough wrote:
> > > See (sneak peek) http://www.zope.org/Members/mcdonc/PDG/6-1-Security.stx,
> > > section named "The Superuser".
> >
> > No offence meant, but it doesn't do a very good job of explaining _why_
> > the superuser can't own anything.
> Well, I think the real problem is that the account that you use to
> "bootstrap" Zope is named "superuser".  If it was named something else
> like "bootstrapuser" or "fixupuser" or something, I doubt you'd wonder why
> it couldn't own anything.

Well, okay, let me rephrase the question:
Why is it bad for the bootstrap user to own anything?
It used to be considered okay before Zope 2.2, so what has been
changed/discovered that makes this now such a bad idea that despite
loads of newbie pain and confusion, it's still worthwhile/necessary?

> > Come to think of it, is there a concise description anywhere of what the
> > new rules are WRT to ownership, the logged in user and how 'code' of all
> > the various types is executed?
> What isn't covered in that document that you'd like to know?

Urm, again, no offence ('cos I think the book is aimed at a different
audience) but the keyword for me was 'concise'. I did have a look at the
document above, but didn't read it 'cos it looked about 10 pages long.

I'm looking for something closer to 10 _lines_ long, but that may not be
possible ;-)