That's what I figured. Thanks Richard! On Thu, Aug 11, 2011 at 9:31 PM, Richard Hipp <[email protected]> wrote:
> > > On Thu, Aug 11, 2011 at 9:15 PM, Tomek Kott <[email protected]> wrote: > >> Hi fossil experts: >> >> If I get rid of all permissions from "nobody" and all the other default >> users, am I safe putting up a repository online that I would like to keep >> private? Assuming, of course, that I put the fossil repos in a folder that >> is not accessible publicly, but accessible to the cgi-bin process? >> >> I am testing this out at the moment through a new repo, and *I* can't >> find a way in, but that doesn't mean it's not possible :) >> > > It is *intended* to be secure. I sure hope it is, since I have a lot of > private repos out there. > > You need to disable all capabilities for both "nobody" and "anonymous" in > order to lock it down. I normally set up appropriate capabilities for > "reader" and "developer" and then when simply make authorized users either a > reader or a developer. > > >> >> Thanks, >> >> Tomek >> >> _______________________________________________ >> fossil-users mailing list >> [email protected] >> http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users >> >> > > > -- > D. Richard Hipp > [email protected] > > _______________________________________________ > fossil-users mailing list > [email protected] > http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users > >
_______________________________________________ fossil-users mailing list [email protected] http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
