Thus said Richard Hipp on Mon, 01 Jul 2013 17:23:58 -0400: > When you run the "fossil http" command, the user identified by each > HTTP request is used. However, ssh does not run "fossil http", it uses > "fossil test-http" instead (unless Andy has changed that in his local > copy). And "fossil test-http", since it was originally designed for > testing, gives every request "Admin" privilege, meaning it can do > anything it want.
Bingo! The problem was that I failed to understand the significance of test-http and thought it was simply part of a test that the ``interactive'' shell initialization setup that it went through used to determine if the SSH connection was established. I wondered how the remote ``fossil http'' knew about the fact that the SSH connected user had permission. Thanks for clarifying. Andy -- TAI64 timestamp: 4000000051d21e57 _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users