HowTo: Change admin password of Zope instance user


Concepts and Introduction

In an out-of-the-box deployment, whether installed from the ISO CD or from buildout, we create two administrative users. These are:

username: siteadmin
password: secret


username: admin
password: secret

Both of these users give you administrative rights on the site. What's the difference? Well, the siteadmin user is a "regular" user on the site and the admin user is the "zope instance user". The siteadmin user's password can be changed from the default password of secret by simply logging in as siteadmin and clicking the Change Password link in the User drop-down menu at the top right corner, as shown in this screenshot:

Change siteadmin password

This, however, does not work with the admin user. When you try to log in as the admin user and change the password for that user, you will get an error message. If you open it up and analyze the detail, it will tell you that there was an AttributeError: getUserId in the testCurrentPassword method. What's actually happening is that you're trying to set a password for a user that doesn't really exist in the site at all!

Yes, the admin user exists outside the site. It's created at the Zope instance level because this user has to manage administrative tasks that are outside the realm of even the site and exist at the Zope Application Server level. This admin user is required for performing any of the following tasks:
  • Purging the server code cache using the @@reload url at the root of the Zope server during development
  • Clearing WebDAV locks on resources that have been abandoned while locked for a long time
  • Packing the Zope Database file (Data.fs) by clearing internal historical and transactional information.
  • ... and other, equally important and difficult to understand things. :)

If you try to perform any of the above actions with the siteadmin user, you will at minimum get an Insufficient Privileges message. So it is necessary to change both of these passwords when you set up a new instance.

How-To change the admin user's password

Let's walk through the steps of setting the admin user's password. The steps to do this are:

Log out!

If you're already logged in with an existing user in your site, some of the screens below will behave weirdly and you may not figure out what is happening unless you're really experienced at this sort of thing. So please log out from your site before you try the steps below. These steps create a browser-authenticated session. Having another user logged in at the same time through the login form page (cookie login) is possible, but will cause unexpected results on the following screens.

Navigate to ZMI Server root

The default Zope server typically runs on port 8080. On shared servers where buildout is done from source, this sometimes causes a port conflict, and you might have needed to change it. To do this you would have edited the http-address parameter in the user.cfg file in your buildout, so you'd already know what the port is. Substitute accordingly.

Go to ZMI root at:

http://<siteURL or IP address>:8080/

If you find yourself staring at this lovely screen, you got it right! Move on. :)

ZMI Home screen

Navigate to ZMI Server Management root

Add manage at the end of the URL to go to the Zope Management Interface (ZMI) proper. That's:

http://<siteURL or IP address>:8080/manage

When you hit that URL, you will be prompted for the Zope instance user's password. Log in with admin/secret and you will be greeted by this internal management interface:

ZMI interface

Navigate to acl_users

Click on acl_users to open the Zope-level PAS plugins folder. Note that if you got curious and clicked on cynin, you'll find another acl_users folder in there. We're not talking about that one right now; that's for setting up things like microsoft-active-directory-services-integration and so on. Click on the acl_users folder at the ZMI root.
ZMI Root acl_users

Navigate to Users

Navigate to the aptly named Users object. And there, you'll see a single user called admin.

ZMI root Users screen 

Click Password

Click on the Password link and set a long, difficult password. This admin user has the maximum possible rights on the entire Zope server. You'll rarely use it, but its password must be extremely difficult for other people to guess.

ZMI admin change password screen
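
To confirm the change took effect, the following added example (not part of the original how-to or the product's own code) requests /manage with the shipped admin/secret credentials and reports whether the instance still accepts them. It assumes the ZMI root answers HTTP Basic authentication as described above; the function names and the localhost URL are illustrative.

```python
"""Post-change check: confirm the instance no longer accepts the shipped admin password."""
import base64
import sys
import urllib.error
import urllib.request

DEFAULT_USER = "admin"       # default Zope instance user named on this page
DEFAULT_PASSWORD = "secret"  # default password named on this page


def manage_status(base_url, username, password, timeout=5):
    """GET <base_url>/manage with HTTP Basic credentials; return the HTTP status code."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode("ascii")
    req = urllib.request.Request(
        base_url.rstrip("/") + "/manage",
        headers={"Authorization": "Basic " + token},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 401/403 and other error statuses arrive as exceptions


def default_password_rejected(base_url, timeout=5):
    """True if admin/secret is refused, False if it is still accepted.

    Any other status raises RuntimeError, so a wrong URL or a broken
    server is never reported as "password changed". Connection failures
    propagate as urllib.error.URLError for the same reason.
    """
    status = manage_status(base_url, DEFAULT_USER, DEFAULT_PASSWORD, timeout)
    if status in (401, 403):
        return True
    if status == 200:
        return False
    raise RuntimeError(f"unexpected HTTP status {status} from {base_url}/manage")


if __name__ == "__main__":
    # Usage: python check_zope_admin.py http://localhost:8080  (URL is an assumption)
    url = sys.argv[1] if len(sys.argv) > 1 else "http://localhost:8080"
    rejected = default_password_rejected(url)
    print("default admin password rejected" if rejected
          else "DEFAULT admin PASSWORD STILL ACCEPTED")
    sys.exit(0 if rejected else 1)
```

Run it against your own instance after completing the steps above; exit status 1 means admin/secret still works and the password change needs to be repeated.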

How-To change the admin user's password, quickly!

So you're not into reading long and in-depth how-tos to get a good understanding of the facts. :)

We understand.

Go here:
http://<siteURL or IP address>:8080/acl_users/users/manage_users?user_id=admin&passwd=1
This brief how-to describes how to change the admin user's password. This must be done to make your instance secure.
