Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add notes to create an emergency user #1703

Open
wants to merge 7 commits into
base: 6.0
Choose a base branch
from
Open

add notes to create an emergency user #1703

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
caf2251
add notes to create an emergency user
1letter Sep 12, 2024
b4273e2
Sentence-case index.md
stevepiercy Sep 13, 2024
6ca3507
Merge content from Plone 5 docs in https://5.docs.plone.org/manage/de…
stevepiercy Sep 13, 2024
c695357
Merge branch '6.0' into create-an-emergency-user
stevepiercy Sep 13, 2024
8f92fa0
Merge branch '6.0' into create-an-emergency-user
stevepiercy Sep 29, 2024
634806d
Merge branch '6.0' into create-an-emergency-user
stevepiercy Oct 3, 2024
5fb84db
Merge branch '6.0' into create-an-emergency-user
stevepiercy Nov 6, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion docs/backend/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ security
sending-email
subscribers
traversal-acquisition
users-groups
users-groups/index
vocabularies
widgets
workflows
Expand Down
13 changes: 0 additions & 13 deletions docs/backend/users-groups.md
View file
Open in desktop

This file was deleted.

64 changes: 64 additions & 0 deletions docs/backend/users-groups/emergency-user.md
View file
Open in desktop
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should now go in docs/admin-guide and be linked under the "Operate" heading of https://6.docs.plone.org/admin-guide/index.html

Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
---
myst:
html_meta:
"description": "Create an emergency user"
"property=og:description": "Create an emergency user"
"property=og:title": "Create an emergency user"
"keywords": "Plone, users, groups, emergency user, pip, buildout"
---

(user-groups-emergency-user-label)=

# Emergency user

An emergency user is one that you can use to regain administrative access to a Plone site.
If you lose the administrator password, or you inherit a project without proper documentation, you can create an emergency user.

First of all, do the following steps not in a production environment!
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What would someone do in a Production environment? Are they out of luck?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Of course, you can do this operations in a production env, but you should not do this. ;-)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What should someone do in production instead? We can't say "don't do this", then in the next section say "do this". It's very confusing.

Perhaps you can include what are the consequences and risks of doing this in production, aside from the obvious, specifically that the site will be down while adding the emergency user.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@1letter can you answer the following questions? I want to move this PR forward.

  1. What should someone do in production instead?
  2. If someone does this in production, what are the risks?
  3. In which environments is it OK to do this?



(user-groups-create-an-emergency-user-label)=

## Create an emergency user

There are two procedures to create an emergency user, depending on how you created and manage the Plone site.
For both scenarios, the commands you run will stop the Plone site, add a new user, and start the Plone site.

```{important}
You should always stop your Plone site before adding a new user.
```
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why? This is only necessary if the site uses a ZODB filestorage directly without using ZEO or Relstorage (then the storage is locked and can't be accessed by multiple processes at once).


```{important}
The new username must not be an existing one.
Therefore you should avoid the username `admin`, but use another arbitrary name, such as `admin2`.
```


(user-groups-emergency-user-pip-installation-label)=

### pip based Plone instance

You can run the following shell commands to create an emergency user.

```shell
./venv/bin/instance stop
./venv/bin/addzopeuser -c instance/etc/zope.conf <user> <password>
./venv/bin/instance start
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This assumes that Plone was installed into a Python virtualenv in the venv directory. That may or may not be the case.

It also assumes there is a script named instance, which is not usually the case when Plone was installed using pip.

```

Now you can login with the created user.


(user-groups-emergency-user-buildout-installation-label)=

### Buildout based Plone instance

With buildout and `plone.recipe.zope2instance`, you can run the following shell commands to create an emergency user.

```shell
bin/instance stop
bin/instance adduser <user> <password>
bin/instance start
```
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This assumes the buildout includes a plone.recipe.zope2instance section named instance. That may or may not be the case.


Now you can login with the created user.
20 changes: 20 additions & 0 deletions docs/backend/users-groups/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
---
myst:
html_meta:
"description": "Managing users and groups in Plone"
"property=og:description": "Managing users and groups in Plone"
"property=og:title": "Managing users and groups in Plone"
"keywords": "user, groups, Plone"
---

(backend-users-groups-label)=

# Users and groups


```{toctree}
:caption: Users and groups
:maxdepth: 2

emergency-user
```