Itamar O wrote: > I was wondering how can I set up a permission group (e.g. "SiteAdmins") > that can effectively do any thing available with the TRAC_ADMIN permission, > just excluding the ability to control plugins (meaning install new ones > and enable / disable existing ones).
You could disable the plugin admin panel, and probably also the logging panel (so that they can't overwrite arbitrary files with the log file). Also, you may want to restrict access to the repositories admin panel, as it currently can be used to "bind" any repository on the server. See: http://trac.edgewall.org/ticket/9511 Of course, all of this only works if your admins don't have shell access. If they have, you'll probably need to use sudo. -- Remy
signature.asc
Description: OpenPGP digital signature
