IRC log of #zope for Sunday, 2012-02-19

*** J1m has quit IRC00:01
*** J1m has joined #zope00:03
*** tiwula has quit IRC00:19
*** [Arfrever] has quit IRC00:21
*** [Arfrever] has joined #zope00:24
*** J1m has quit IRC00:26
*** J1m has joined #zope00:27
*** J1m has quit IRC00:27
*** RichyB has quit IRC00:30
*** RichyB has joined #zope00:33
*** alga has joined #zope01:07
*** m8 has quit IRC01:10
*** dayne has joined #zope01:36
*** _mup_ has quit IRC02:00
*** _mup_ has joined #zope02:00
*** tiwula has joined #zope02:12
*** tiwula has quit IRC02:43
*** Arfrever has quit IRC02:43
*** Arfrever has joined #zope03:00
*** RichyB has quit IRC04:31
*** alga has quit IRC04:35
*** kiorky has quit IRC10:18
*** mr_jolly has joined #zope10:20
*** JT has quit IRC10:25
*** zagy1 has joined #zope10:34
*** zagy has quit IRC10:37
*** ajmitch has quit IRC10:46
*** ajmitch has joined #zope10:46
*** ajmitch has joined #zope10:46
*** TomBlockley has joined #zope10:48
*** JT has joined #zope10:50
*** kiorky has joined #zope11:15
*** JT has quit IRC11:15
*** TomBlockley has quit IRC11:23
*** JT has joined #zope12:13
*** yvl has joined #zope12:48
*** yvl has quit IRC12:48
*** RichyB has joined #zope13:03
*** Big has joined #zope13:06
Bighey all, is there a way to restrict access on a project running on zope to certain IP ?13:06
Biglike we do in apache's .htaccess ?13:07
betabuguse apache's .htaccess13:07
Bigatleast the /html/admin not entire project13:07
betabugyour zope site should be served behind apache13:07
Bigare you sure?13:07
Bigcurl --head shows Zope as webserver13:07
RichyBIn theory, you can specify the domain from which any user in acl_users can log in from.13:07
RichyBI am not sure whether that functionality actually works.13:08
betabugyes (well, you could use something else as httpd too)13:08
*** RichyB has left #zope13:08
*** RichyB has joined #zope13:08
betabugBig: yes, the server header still says Zope, but any real zope setup should be served behind a real web server13:08
RichyBbut 90% of the time, what you want to be doing is putting zope behind apache, with ProxyPass or RewriteRule [P] to pass requests through to the Zope instance.13:08
RichyB(or lighttpd or nginx or any other decent webserver)13:09
Bigso the Domains part is actually the hostname or IP of user ?13:09
RichyBThink so, but I don't know how well or even if that feature works.13:09
betabugI wouldn't rely on it13:10
betabugI suggest to restrict from the web server13:11
Bigbut from webserver it will allow me to specify which folder to restrict ?13:11
Biglike only admin but not hte frontendfor users ?13:11
betabugsure should be possible13:13
Bighow to find out the path of web files in shell?13:13
BigI wasn't the person who set it up in the first place13:13
Big /usr/local/www/Zone28 doesn't shows anything newly created13:13
betabugwell, check your apache (or other web server) config files13:14
Bigah, i checked that already nothing is there for sure13:14
betabugdo you access the zope service on port 80?13:14
Bigi see this from shell when i ps13:15
Big /usr/local/bin/python2.4 /usr/local/www/Zope28/lib/python/Zope2/Startup/ -C /usr/local/www/Zope28/instances/webdns/etc/zop13:15
Bigseems running internal webserver of zope?13:15
betabugthat's the zope service13:15
betabugbut it's unlikely that they set up zope directly on port 8013:16
Bigit is set as port 8013:16
betabugcheck in /usr/local/www/Zope28/instances/webdns/etc/zope.conf13:16
betabugI doubt that they run zope directly on port 8013:16
betabugand if they do, you should change that immediately13:17
betabugbecause that would mean they start zope as root13:17
Bigits started as root13:17
betabugwhich is a big no-no13:17
Bigthere are couple of processes running as user www13:17
Bigchroot'ed maybe?13:17
betabugyou have Zope 2.8 there, which is really old13:18
Bigweird /usr/local/www/Zope28/instances/webdns/etc/zope.conf shows address 808013:18
Bigyeah the project been running since 2005 as i've been told13:18
Bigbut its kind of an environment "if its running keep it running"13:18
Bigso i'm trting to get things around things13:18
betabugso there is a web server in front13:18
Bigyeah seems so13:20
Bigthere is couple of -h xx.xx.xx.xx -p 8013:20
Bigbut seems thats not it13:20
betabughmm, maybe it's pound13:20
Bigthere is pound running13:21
betabugdunno if it could be only pound or if there would be apache too13:21
Bigits definietely pound13:21
Bigcuz i killed apache zope kept loading13:21
Bigbut if i shutdown pound its not13:22
betabugI don't have much experience with pound, dunno if it can restrict things13:22
Bigfrom zope's side its not possible?13:22
betabugI don't think there is an easy setting - try with the "domain" field in the user folder / user settings13:24
Bigwhats the formats of Domains ?13:26
Bigthe user's hostname or IP ?13:26
betabugprobably IP13:26
Bigbtw why there are two zope instances running? is it for redundency ?13:31
Bigbecause for some reason when i create new users sometiems they have to enter the password two-three times till a page loads, i'm thinking of a conflict in zope or so?13:32
betabugpeople use multiple instances to get more performance out of multi processor machines13:32
Bigweird non of the newly added users can no longer sign into the project, but they can login to /manage13:34
Bigi.e. /html/admin13:35
betabugyou tried to set the domain?13:36
Bignot yet13:36
Bigi added a user to test with13:36
Bigi want to see if it works with anyIP then i will add the IP part13:37
Bigany log i can check for zope?13:38
Bignever mind found Z2.log13:39
Bigin both instances13:39
Bigand a huge 10-13gb each event.log files13:40
betabughaha, some years worth of logs13:41
Bighehe yeah seems so13:41
Bigwhats Data.fs ?13:43
betabugthe actual database file13:43
Bigif the two instances running the application they should match in size, no ?13:43
betabugwell, normally if you have 2 instances running the same application, you have a third instance that is running as the "ZEO" database server13:44
Bigwhats the name of the process?13:44
Bigps aux |grep zeo didnt find any13:44
betabugprobably would be python too13:45
Bigi found at /usr/local/etc/rc.dthough13:45
betabugok, so probably there is a ZEO there13:45
betabugand that would have the "real" data.fs13:46
betabugso likely your setup is pound "balancing" 2 zope instance, which in turn are linked to 1 ZEO db server13:46
betabugwell, strictly ZEO isn't only a db server, but nevermind the details :-)13:47
Bigthis is really making me crazy :-) now all new users i create aren't working13:47
betabugwhere are you creating them? there might be user folders in various places13:48
betabugand their logins would be valid only "below" that user folder13:48
Bigacl_users in the root13:49
betabugwhat kind of app is running there? plone?13:49
Bigno, something custom developed to manage dns records13:50
Bigthus the name 'webdns'13:50
betabugdunno then, with plone users would have to be set up through plone13:50
Bigtwo of the original users who I changed the password for are working fine13:50
Bigthe newly created users are no longer fine13:50
Bigafter deleting multiple zombie users who left the project ages ago :-)13:51
Biglet me run only one instance and see if it works, i have a feeling the problem because of multiple instances13:52
betabugor some caching in pound?13:52
Bigdo you know how to modify this to start only one instance instead of two? inside the for loop above
Bigor just uze the zopectl inside the bin folder of that instance to stop it ?13:54
betabugeither that or change the zope28_instances list as mentioned in those comments13:55
BigError Value: You are not allowed to access 'index.html' in this context13:56
Bigthats what the new user is getting after trying to enter the pass for multiple times13:56
betabugmaybe you havne't set the proper roles for that user?13:57
Bigthe user can login to /manage with the owner/manager permission14:00
Bigbut not to the project running there /html/admin14:00
betabugcheck the security tab of that part to see what role he needs there14:00
Bigunder the project itself?14:05
betabugin the zope management interface14:05
Bigyes im there14:05
BigAcquire permission settings? are checked14:05
*** mr_jolly has quit IRC14:05
betabugwell, just look what roles are needed14:06
betabugand then make sure your newly created users have those roles14:06
*** giampaolo has joined #zope14:08
*** mr_jolly has joined #zope14:10
Bigno luck14:12
Bigseems working14:15
Biglet me try from anotehr browser14:15
Bigunfortunately due the use of pound its taking the server's forwarding IP not the the user's vistiting IP which showsin Z2.log14:18
Bigin the Domains part for restriction14:18
betabughmm, right14:22
betabugmaybe pound can restrict14:22
Bigill start digging into that, but it'll be more hard compared to zope14:22
Bigbecause it will restrict the entire visits including the aplication users14:23
*** giampaolo has quit IRC14:47
*** giampaolo has joined #zope14:48
*** alga has joined #zope14:49
*** giampaolo has quit IRC14:55
Bigwhere is Zope webserver setting ?15:11
*** J1m has joined #zope15:16
*** J1m has quit IRC15:19
*** J1m has joined #zope15:38
*** Big has left #zope15:46
*** Big has joined #zope15:46
*** ccomb has joined #zope16:03
*** J1m has quit IRC16:05
*** J1m has joined #zope16:09
*** binjured has left #zope16:10
*** ccomb has quit IRC17:26
*** RichyB has quit IRC17:49
*** giampaolo has joined #zope18:06
*** allisterb has joined #zope18:16
*** J1m has quit IRC19:31
*** J1m has joined #zope19:32
*** J1m has quit IRC19:48
*** m8 has joined #zope20:13
*** m8 has quit IRC20:14
*** m8 has joined #zope20:14
*** J1m has joined #zope20:55
*** J1m has quit IRC21:04
*** J1m has joined #zope21:33
*** J1m has quit IRC21:34
*** sfulmer has joined #zope22:52
*** alexpilz has joined #zope22:56
*** giampaolo has quit IRC23:04

Generated by 2.15.1 by Marius Gedminas - find it at!