On Thu, Aug 11, 2011 at 9:15 PM, Tomek Kott <[email protected]> wrote:
> Hi fossil experts: > > If I get rid of all permissions from "nobody" and all the other default > users, am I safe putting up a repository online that I would like to keep > private? Assuming, of course, that I put the fossil repos in a folder that > is not accessible publicly, but accessible to the cgi-bin process? > > I am testing this out at the moment through a new repo, and *I* can't find > a way in, but that doesn't mean it's not possible :) > It is *intended* to be secure. I sure hope it is, since I have a lot of private repos out there. You need to disable all capabilities for both "nobody" and "anonymous" in order to lock it down. I normally set up appropriate capabilities for "reader" and "developer" and then when simply make authorized users either a reader or a developer. > > Thanks, > > Tomek > > _______________________________________________ > fossil-users mailing list > [email protected] > http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users > > -- D. Richard Hipp [email protected]
_______________________________________________ fossil-users mailing list [email protected] http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
