IRC log of #zope for Sunday, 2012-02-19

« Saturday, 2012-02-18 Index Monday, 2012-02-20 »
*** J1m has quit IRC00:01
*** J1m has joined #zope00:03
*** tiwula has quit IRC00:19
*** [Arfrever] has quit IRC00:21
*** [Arfrever] has joined #zope00:24
*** J1m has quit IRC00:26
*** J1m has joined #zope00:27
*** J1m has quit IRC00:27
*** RichyB has quit IRC00:30
*** RichyB has joined #zope00:33
*** alga has joined #zope01:07
*** m8 has quit IRC01:10
*** dayne has joined #zope01:36
*** _mup_ has quit IRC02:00
*** _mup_ has joined #zope02:00
*** tiwula has joined #zope02:12
*** tiwula has quit IRC02:43
*** Arfrever has quit IRC02:43
*** Arfrever has joined #zope03:00
*** RichyB has quit IRC04:31
*** alga has quit IRC04:35
*** kiorky has quit IRC10:18
*** mr_jolly has joined #zope10:20
*** JT has quit IRC10:25
*** zagy1 has joined #zope10:34
*** zagy has quit IRC10:37
*** ajmitch has quit IRC10:46
*** ajmitch has joined #zope10:46
*** ajmitch has joined #zope10:46
*** TomBlockley has joined #zope10:48
*** JT has joined #zope10:50
*** kiorky has joined #zope11:15
*** JT has quit IRC11:15
*** TomBlockley has quit IRC11:23
*** JT has joined #zope12:13
*** yvl has joined #zope12:48
*** yvl has quit IRC12:48
*** RichyB has joined #zope13:03
*** Big has joined #zope13:06
Bighey all, is there a way to restrict access on a project running on zope to certain IP ?13:06
Biglike we do in apache's .htaccess ?13:07
betabuguse apache's .htaccess13:07
Bigatleast the /html/admin not entire project13:07
betabugyour zope site should be served behind apache13:07
Bighmm13:07
Bigare you sure?13:07
Bigcurl --head shows Zope as webserver13:07
RichyBIn theory, you can specify the domain from which any user in acl_users can log in from.13:07
RichyBI am not sure whether that functionality actually works.13:08
betabugyes (well, you could use something else as httpd too)13:08
*** RichyB has left #zope13:08
*** RichyB has joined #zope13:08
betabugBig: yes, the server header still says Zope, but any real zope setup should be served behind a real web server13:08
RichyBbut 90% of the time, what you want to be doing is putting zope behind apache, with ProxyPass or RewriteRule [P] to pass requests through to the Zope instance.13:08
Bigaha13:09
RichyB(or lighttpd or nginx or any other decent webserver)13:09
Bigso the Domains part is actually the hostname or IP of user ?13:09
RichyBThink so, but I don't know how well or even if that feature works.13:09
betabugI wouldn't rely on it13:10
betabugI suggest to restrict from the web server13:11
Bigbut from webserver it will allow me to specify which folder to restrict ?13:11
Biglike only admin but not hte frontendfor users ?13:11
betabugsure should be possible13:13
Bighow to find out the path of web files in shell?13:13
BigI wasn't the person who set it up in the first place13:13
Big /usr/local/www/Zone28 doesn't shows anything newly created13:13
betabugwell, check your apache (or other web server) config files13:14
Bigah, i checked that already nothing is there for sure13:14
betabugdo you access the zope service on port 80?13:14
Bigyes13:15
Bigi see this from shell when i ps13:15
Big /usr/local/bin/python2.4 /usr/local/www/Zope28/lib/python/Zope2/Startup/run.py -C /usr/local/www/Zope28/instances/webdns/etc/zop13:15
Bigseems running internal webserver of zope?13:15
betabugthat's the zope service13:15
betabugbut it's unlikely that they set up zope directly on port 8013:16
Bigit is set as port 8013:16
betabugcheck in /usr/local/www/Zope28/instances/webdns/etc/zope.conf13:16
betabugI doubt that they run zope directly on port 8013:16
betabugand if they do, you should change that immediately13:17
Bigwhy?13:17
betabugbecause that would mean they start zope as root13:17
Bigcorrect13:17
Bigits started as root13:17
betabugwhich is a big no-no13:17
Bigthere are couple of processes running as user www13:17
Bigchroot'ed maybe?13:17
betabugno13:18
betabugyou have Zope 2.8 there, which is really old13:18
Bigweird /usr/local/www/Zope28/instances/webdns/etc/zope.conf shows address 808013:18
betabugsee?13:18
Bigyeah the project been running since 2005 as i've been told13:18
Bigbut its kind of an environment "if its running keep it running"13:18
Bigso i'm trting to get things around things13:18
betabugso there is a web server in front13:18
Bigyeah seems so13:20
Bigthere is couple of server.py -h xx.xx.xx.xx -p 8013:20
Bigbut seems thats not it13:20
betabughmm, maybe it's pound13:20
Bigyeah!13:20
Bigthere is pound running13:21
betabugdunno if it could be only pound or if there would be apache too13:21
Bigits definietely pound13:21
Bigcuz i killed apache zope kept loading13:21
Bigbut if i shutdown pound its not13:22
betabugI don't have much experience with pound, dunno if it can restrict things13:22
Bigfrom zope's side its not possible?13:22
betabugI don't think there is an easy setting - try with the "domain" field in the user folder / user settings13:24
Bigwhats the formats of Domains ?13:26
Bigthe user's hostname or IP ?13:26
betabugprobably IP13:26
Bigbtw why there are two zope instances running? is it for redundency ?13:31
Bigbecause for some reason when i create new users sometiems they have to enter the password two-three times till a page loads, i'm thinking of a conflict in zope or so?13:32
betabugdunno13:32
betabugpeople use multiple instances to get more performance out of multi processor machines13:32
Bigweird non of the newly added users can no longer sign into the project, but they can login to /manage13:34
Bigi.e. /html/admin13:35
betabugyou tried to set the domain?13:36
Bignot yet13:36
Bigi added a user to test with13:36
Bigi want to see if it works with anyIP then i will add the IP part13:37
Bigany log i can check for zope?13:38
Bignever mind found Z2.log13:39
Bigin both instances13:39
Bigand a huge 10-13gb each event.log files13:40
betabughaha, some years worth of logs13:41
Bighehe yeah seems so13:41
Bigwhats Data.fs ?13:43
betabugthe actual database file13:43
Bigif the two instances running the application they should match in size, no ?13:43
betabugwell, normally if you have 2 instances running the same application, you have a third instance that is running as the "ZEO" database server13:44
Bigwhats the name of the process?13:44
Bigps aux |grep zeo didnt find any13:44
betabugprobably would be python too13:45
Bigi found zeo28.sh at /usr/local/etc/rc.dthough13:45
betabugok, so probably there is a ZEO there13:45
betabugand that would have the "real" data.fs13:46
betabugso likely your setup is pound "balancing" 2 zope instance, which in turn are linked to 1 ZEO db server13:46
betabugwell, strictly ZEO isn't only a db server, but nevermind the details :-)13:47
Bigthis is really making me crazy :-) now all new users i create aren't working13:47
betabugwhere are you creating them? there might be user folders in various places13:48
betabugand their logins would be valid only "below" that user folder13:48
Bigacl_users in the root13:49
betabugwhat kind of app is running there? plone?13:49
Bigno, something custom developed to manage dns records13:50
betabugaha13:50
Bigthus the name 'webdns'13:50
betabugdunno then, with plone users would have to be set up through plone13:50
betabugright13:50
Bigtwo of the original users who I changed the password for are working fine13:50
Bigthe newly created users are no longer fine13:50
Bigafter deleting multiple zombie users who left the project ages ago :-)13:51
Biglet me run only one instance and see if it works, i have a feeling the problem because of multiple instances13:52
betabugmaybe13:52
betabugor some caching in pound?13:52
Bigdo you know how to modify this to start only one instance instead of two? inside the for loop above http://dpaste.org/7Oc3S/13:53
Bigor just uze the zopectl inside the bin folder of that instance to stop it ?13:54
betabugeither that or change the zope28_instances list as mentioned in those comments13:55
BigError Value: You are not allowed to access 'index.html' in this context13:56
Bigthats what the new user is getting after trying to enter the pass for multiple times13:56
betabugmaybe you havne't set the proper roles for that user?13:57
Bigthe user can login to /manage with the owner/manager permission14:00
Bigbut not to the project running there /html/admin14:00
betabugcheck the security tab of that part to see what role he needs there14:00
Bigunder the project itself?14:05
betabugin the zope management interface14:05
Bigyes im there14:05
BigAcquire permission settings? are checked14:05
*** mr_jolly has quit IRC14:05
betabugwell, just look what roles are needed14:06
betabugand then make sure your newly created users have those roles14:06
*** giampaolo has joined #zope14:08
*** mr_jolly has joined #zope14:10
Bigno luck14:12
Bighmm14:15
Bigseems working14:15
Biglet me try from anotehr browser14:15
Bigunfortunately due the use of pound its taking the server's forwarding IP not the the user's vistiting IP which showsin Z2.log14:18
Bigin the Domains part for restriction14:18
betabughmm, right14:22
betabugmaybe pound can restrict14:22
Bigill start digging into that, but it'll be more hard compared to zope14:22
Bigbecause it will restrict the entire visits including the aplication users14:23
*** giampaolo has quit IRC14:47
*** giampaolo has joined #zope14:48
*** alga has joined #zope14:49
*** giampaolo has quit IRC14:55
Bigwhere is Zope webserver setting ?15:11
*** J1m has joined #zope15:16
*** J1m has quit IRC15:19
*** J1m has joined #zope15:38
*** Big has left #zope15:46
*** Big has joined #zope15:46
*** ccomb has joined #zope16:03
*** J1m has quit IRC16:05
*** J1m has joined #zope16:09
*** binjured has left #zope16:10
*** ccomb has quit IRC17:26
*** RichyB has quit IRC17:49
*** giampaolo has joined #zope18:06
*** allisterb has joined #zope18:16
*** J1m has quit IRC19:31
*** J1m has joined #zope19:32
*** J1m has quit IRC19:48
*** m8 has joined #zope20:13
*** m8 has quit IRC20:14
*** m8 has joined #zope20:14
*** J1m has joined #zope20:55
*** J1m has quit IRC21:04
*** J1m has joined #zope21:33
*** J1m has quit IRC21:34
*** sfulmer has joined #zope22:52
*** alexpilz has joined #zope22:56
*** giampaolo has quit IRC23:04
« Saturday, 2012-02-18 Index Monday, 2012-02-20 »

Generated by irclog2html.py 2.15.1 by Marius Gedminas - find it at mg.pov.lt!