On Mon, Jul 1, 2013 at 5:01 PM, Stephan Beal <sgb...@googlemail.com> wrote:

> On Mon, Jul 1, 2013 at 10:57 PM, Rene <renew...@xs4all.nl> wrote:
>
>> see below the timeline; the one at 20:49 is of zwart604 with no
>> permissions on the master one. I probably do something wrong!
>>
>
> If i'm not mistaken (and i might be - i'm not familiar with the details of
> fossil's ssh bits), a user running over ssh has all permissions (because
> that's what fossil uses when run in non-server/CGI mode). If, however,
> fossil is using its HTTP server over ssh (i don't know whether it does or
> not, to be honest), then it "should" be setting up the permissions
> properly for the user. Based on my interpretation of your results, a user
> running over ssh has all permissions, as for a local user. i can't
> immediately say whether that's expected or not.
>


I think you are right.  The default behavior when running fossil locally is
to let the user do anything requested.  Presumably, if the user can run
Fossil, then they can also edit the repository database file at will, and
so there really isn't any point in trying to enforce permissions in that
scenario.

When you run the "fossil http" command, the user identified by each HTTP
request is used.  However, ssh does not run "fossil http", it uses "fossil
test-http" instead (unless Andy has changed that in his local copy).  And
"fossil test-http", since it was originally designed for testing, gives
every request "Admin" privilege, meaning it can do anything it wants.

I have not been following this thread closely, but perhaps the solution is
to change the "test-http" near line 296 in http_transport.c to be just
"http".


-- 
D. Richard Hipp
d...@sqlite.org
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
