No way to add an emergency user except by going to debug shell #115
Comments
|
Related to this issue. Before a site is created, Zope initialises the Database and there is an admin:admin user that is difficult to reset it's password of once you are in production. I only managed that aldo through starting a debug shell in the container and doing:
@tiberiuichim I assume you also mean an emergency user on the zope acl_users level, and not in the Plone site. @ericof Should we add this to the docker_entrypoint.sh as a startup option to add extra users and/or change passwords. Or add a script like create_site.py and document it? |
|
I think it makes sense to expose the Zope |
|
I agree that this should be possible
+1
…On Fri, Apr 7, 2023, 17:40 David Glick ***@***.***> wrote:
I think it makes sense to expose the Zope addzopeuser script (
https://zope.readthedocs.io/en/latest/operation.html#adding-users) in
docker_entrypoint.sh.
—
Reply to this email directly, view it on GitHub
<#115 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAIQ3BYRB77V2GXMVRS3FCTXAAYN3ANCNFSM6AAAAAAV755KOE>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
|
I agree with @davisagli suggestion |
|
I checked the addzopeuser docs that were linked. This doesn't solve the use case of changing the admin password. You can add extra users, but from what I remember you cannot change user passwords, it is also not mentionned in the docs. But for that we can add an additional script. So to call addzopeuser we can extend the docker_entrypoint script and call the tool there with the path to zope.conf already provided? @ericof Could we also extend create_site.py to pick up an environment variable with the admin password if it is present. And let the script before creating the Plone site also update the zope admin password with that password? Then we have the admin:admin case also solved. We can insert it through an environment secret. [edit:] there is the secret file you can create, but I don't think it's very secure to have that file in the container available all the time. |
You should be able to change the password for the Zope root admin user through server:8080/acl_users/manage_main right? |
|
Yes. It should be clearly documented how to change the password of an existing admin user after creating a second emergency admin user. We know this by heart, but 99.9999999% of mankind does not. |
|
Please suggest an existing location for this information in the docs, or a new one. Perhaps: |
There's no script to add an emergency user.
The text was updated successfully, but these errors were encountered: