From 93b71eb72688cc501a9435325699eea55b93974c Mon Sep 17 00:00:00 2001
From: Ruben Verborgh <ruben@verborgh.org>
Date: Mon, 18 Oct 2021 14:59:42 +0100
Subject: [PATCH] docs: Add more warning to root ACLs.

---
 templates/root/empty/.acl         | 13 ++++++++++++-
 templates/root/prefilled/.acl     | 13 ++++++++++++-
 templates/setup/response.html.ejs |  2 +-
 3 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/templates/root/empty/.acl b/templates/root/empty/.acl
index 65b4fa2b8..9916219fb 100644
--- a/templates/root/empty/.acl
+++ b/templates/root/empty/.acl
@@ -1,7 +1,18 @@
-# Root ACL resource generated by the Community Server to allow public access
+# WARNING: DO NOT USE UNMODIFIED UNLESS FOR TESTING PURPOSES.
+# WHEN IN DOUBT, DELETE THIS DOCUMENT.
+#
+# This root ACL resource allows unrestricted public access to all documents and subcontainers.
+#
+# This document was automatically generated by the Community Solid Server
+# because the "Expose a public root Pod" option was selected during setup,
+# or because setup has been bypassed.
+#
+# We strongly suggest to edit this document such that it restricts permissions.
+
 @prefix acl: <http://www.w3.org/ns/auth/acl#>.
 @prefix foaf: <http://xmlns.com/foaf/0.1/>.
 
+# Give all agents Read, Write, and Control permissions on everything
 <#authorization>
     a               acl:Authorization;
     acl:agentClass  foaf:Agent;
diff --git a/templates/root/prefilled/.acl b/templates/root/prefilled/.acl
index 65b4fa2b8..9916219fb 100644
--- a/templates/root/prefilled/.acl
+++ b/templates/root/prefilled/.acl
@@ -1,7 +1,18 @@
-# Root ACL resource generated by the Community Server to allow public access
+# WARNING: DO NOT USE UNMODIFIED UNLESS FOR TESTING PURPOSES.
+# WHEN IN DOUBT, DELETE THIS DOCUMENT.
+#
+# This root ACL resource allows unrestricted public access to all documents and subcontainers.
+#
+# This document was automatically generated by the Community Solid Server
+# because the "Expose a public root Pod" option was selected during setup,
+# or because setup has been bypassed.
+#
+# We strongly suggest to edit this document such that it restricts permissions.
+
 @prefix acl: <http://www.w3.org/ns/auth/acl#>.
 @prefix foaf: <http://xmlns.com/foaf/0.1/>.
 
+# Give all agents Read, Write, and Control permissions on everything
 <#authorization>
     a               acl:Authorization;
     acl:agentClass  foaf:Agent;
diff --git a/templates/setup/response.html.ejs b/templates/setup/response.html.ejs
index 10ecd5a72..c416ef82e 100644
--- a/templates/setup/response.html.ejs
+++ b/templates/setup/response.html.ejs
@@ -9,7 +9,7 @@
 <% if (initialize && !registration) { %>
 <h2>Root Pod</h2>
 <p>
-  <strong>The root Pod is publicly accessible.</strong>
+  <strong>Warning: the root Pod is publicly accessible.</strong>
   <br>
   Prevent public write and control access to the root
   by modifying its <a href=".acl">ACL document</a>.