[Moin-user] Does this security setup sound good?

Kenneth McDonald kenneth.m.mcdonald at sbcglobal.net
Tue Apr 25 11:54:05 EDT 2006


Thomas was right about my first message; I used a sloppy shorthand. Let
me try to be more succinct and accurate in the description of my setup:

  1) "acl_before" grants all rights to our AdminGroup.
  2) "acl_default" grants read-only rights to all users.
  3) The AdminTemplate uses "All: " to grant no writes to everyone.
     Therefore, AdminGroup can access these pages via the rights in
     "acl_before", but no one else can use them, not even see them.
  4) The EditorsTemplate uses
     "EditorGroup:read,write,delete,revert All:read" to allow editors
     to edit "official" pages, and everyone else to read them.
  5) The PublicTemplate uses "Known:read,write,delete,revert All:read"
     to allow known users to edit public pages, and everyone to read
     them.

"acl_after" is currently blank.

This provides three levels of pages: admin, which are completely closed 
off except to admin users; "official" documentation pages, which can be 
edited by admin users and specified trusted editors, and read by 
everyone; and "public" documentation pages, which can be edited by all 
known users, and read by anyone.

So, to return to the original question: can anyone suggest a better way
to set this up to achieve the same effect?

And, is there any way to disable the option that allows creation of a 
completely blank page? I've gone through multiconfig.py, but my brain is 
shrinking as I get older, and I can't hold all of the various options in 
it at the same time :-(.

Many thanks,
Ken

Thomas Waldmann wrote:
>> 1) in acl_before, we have AdminGroup:everything...
>
> There is no "everything" acl.
>
>> 3) On admin pages, we have #acl All:None
>
> There is no "None" acl.
>
>> 4) On pages only editable by trusted editors, we have #acl 
>> EditorGroup:read,write,delete,rename All:read
>
> There is no "rename" acl.
>
>> There are templates for AdminPageTemplate, TrustedEditorsTemplate, 
>> KnownEditableTemplate, which contain the acls given above.
>
> Be aware that users with no "admin" right, can't establish or change 
> ACLs.
>
> Maybe read HelpOnAccessControlLists again. And if you post stuff, 
> please copy it 1:1 or it maybe won't help much.
>
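Added example, not part of the original thread and not MoinMoin's own code: a simplified Python model of first-match ACL evaluation (before, then the page ACL or the default, then after; no +/- modifiers) applied to the three templates described above. The user names, group members and the exact "acl_before" string are constructed assumptions, and rejecting unknown rights such as "rename" is this example's own lint behaviour.

```python
# Simplified model of first-match ACL evaluation; not MoinMoin's own code.
VALID_RIGHTS = {"read", "write", "delete", "revert", "admin"}

# Constructed sample data (assumptions, not taken from the thread).
GROUPS = {"AdminGroup": {"alice"}, "EditorGroup": {"bob"}}
KNOWN_USERS = {"alice", "bob", "carol"}  # any other name is anonymous

ACL_BEFORE = "AdminGroup:read,write,delete,revert,admin"  # assumed spelling
ACL_DEFAULT = "All:read"
ACL_AFTER = ""
ADMIN_PAGE = "All: "
EDITORS_PAGE = "EditorGroup:read,write,delete,revert All:read"
PUBLIC_PAGE = "Known:read,write,delete,revert All:read"

def parse_acl(line):
    """Parse 'Name:right,right Name2:right' into [(name, rights), ...]."""
    entries = []
    for token in line.split():
        name, _, rights = token.partition(":")
        granted = {r for r in rights.split(",") if r}
        unknown = granted - VALID_RIGHTS
        if unknown:  # lint: flag rights that do not exist
            raise ValueError("unknown right(s): " + ", ".join(sorted(unknown)))
        entries.append((name, granted))
    return entries

def matches(name, user):
    """Does an ACL entry name apply to this user?"""
    if name == "All":
        return True
    if name == "Known":
        return user in KNOWN_USERS
    if name in GROUPS:
        return user in GROUPS[name]
    return name == user

def may(user, right, page_acl=None):
    """The first entry matching the user decides; no match means denied."""
    middle = ACL_DEFAULT if page_acl is None else page_acl
    acl = parse_acl(ACL_BEFORE) + parse_acl(middle) + parse_acl(ACL_AFTER)
    for name, granted in acl:
        if matches(name, user):
            return right in granted
    return False
```

In this model an editor has no "admin" right on an "official" page, so only AdminGroup members can change that page's ACL line.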





