Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No way to add an emergency user except by going to debug shell #115

Open
tiberiuichim opened this issue Mar 19, 2023 · 8 comments
Open

No way to add an emergency user except by going to debug shell #115

tiberiuichim opened this issue Mar 19, 2023 · 8 comments
Labels
04 type: enhancement making existing stuff better

Comments

@tiberiuichim
Copy link

There's no script to add an emergency user.
@fredvd
Copy link
Member

fredvd commented Apr 7, 2023

Related to this issue. Before a site is created, Zope initialises the Database and there is an admin:admin user that is difficult to reset it's password of once you are in production. I only managed that aldo through starting a debug shell in the container and doing:

zoperoot.acl_users.users.manage_updateUserPassword('admin',password, password)

@tiberiuichim I assume you also mean an emergency user on the zope acl_users level, and not in the Plone site.

@ericof Should we add this to the docker_entrypoint.sh as a startup option to add extra users and/or change passwords. Or add a script like create_site.py and document it?

@davisagli
Copy link
Member

I think it makes sense to expose the Zope addzopeuser script (https://zope.readthedocs.io/en/latest/operation.html#adding-users) in docker_entrypoint.sh.

@spereverde
Copy link
Member

spereverde commented Apr 7, 2023 via email

@ericof ericof added the 04 type: enhancement making existing stuff better label Apr 7, 2023
@ericof
Copy link
Member

ericof commented Apr 7, 2023

I agree with @davisagli suggestion

@fredvd
Copy link
Member

fredvd commented Apr 7, 2023
edited
Loading

I checked the addzopeuser docs that were linked. This doesn't solve the use case of changing the admin password. You can add extra users, but from what I remember you cannot change user passwords, it is also not mentionned in the docs. But for that we can add an additional script.

So to call addzopeuser we can extend the docker_entrypoint script and call the tool there with the path to zope.conf already provided?

@ericof Could we also extend create_site.py to pick up an environment variable with the admin password if it is present. And let the script before creating the Plone site also update the zope admin password with that password? Then we have the admin:admin case also solved.

We can insert it through an environment secret.

[edit:] there is the secret file you can create, but I don't think it's very secure to have that file in the container available all the time.

@erral
Copy link
Member

erral commented Apr 11, 2023

I checked the addzopeuser docs that were linked. This doesn't solve the use case of changing the admin password. You can add extra users, but from what I remember you cannot change user passwords, it is also not mentionned in the docs. But for that we can add an additional script.

You should be able to change the password for the Zope root admin user through server:8080/acl_users/manage_main right?

@Rudd-O
Copy link
Contributor

Rudd-O commented Apr 19, 2023

Yes. It should be clearly documented how to change the password of an existing admin user after creating a second emergency admin user. We know this by heart, but 99.9999999% of mankind does not.

@stevepiercy
Copy link
Contributor

Please suggest an existing location for this information in the docs, or a new one. Perhaps:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
04 type: enhancement making existing stuff better
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@davisagli @stevepiercy @tiberiuichim @ericof @Rudd-O @fredvd @erral @spereverde