On Jan 21, 2016, at 8:38 PM, Andy Bradford <amb-fos...@bradfords.org> wrote: > > One method would be to not have any user accounts on the public facing > HTTP repository. Then setup your SSH access repository location. > Finally, configure a cronjob that does ``fossil pull'' into the public > facing HTTP repository from the location where SSH access is given.
Cute! I like it. > unless you're using SSH keys, there is no > way to conveniently box SSH users into ``reader,'' ``developer,'' and > other Fossil Privileges and Capabilities. They are all fully privileged. Hmmmm, I hadn’t even considered how privileges were enforced in the SSH case. I guess it’s just logging in and modifying a local Fossil DB on the server, right? I don’t see that SSH keys help here. I think what you actually need is for each Fossil user to be modifying a separate Fossil DB file on the server, and for *that* to occasionally sync to a master repo elsewhere on that server, probably on HTTP but bound to localhost. TLS isn’t sounding so bad after all. _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users