launchpad-dev team mailing list archive

Thread
Date

Re: remove subscriptions job part 2

To: launchpad-dev@xxxxxxxxxxxxxxxxxxx
From: Aaron Bentley <aaron@xxxxxxxxxxxxx>
Date: Tue, 01 May 2012 15:03:06 -0400
In-reply-to: <4FA01D90.2020304@canonical.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20120410 Thunderbird/11.0.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12-05-01 01:29 PM, curtis Hovey wrote:
> When I wrote jobs in the past, the job ran as a celebrity, such as
> the janitor, which is given permission to complete the task for the
> user. I think some security checkers continue to use celebrities
> for translations and registry process.  I do not know if celery is
> running as the proxy celebrity or as the user that initiated the
> change.

Most launchpad scripts actually ignore user-based security entirely.
They initialize with
scripts.execute_zcml_for_scripts(use_web_security=False)

The Celery job runner does the same.  It does not explicitly set a
current user.  (It does set the current dbuser, which varies by job type.)

Aaron
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk+gM2oACgkQ0F+nu1YWqI3dggCghEd7VUF85Ynk5kfI5HQmg5hY
/3gAn2WOnOHefBvffQDO+GflvcovwHDk
=oTfK
-----END PGP SIGNATURE-----

References

Re: remove subscriptions job part 2
From: curtis Hovey, 2012-05-01