Remy Blank wrote:
> Itamar O wrote:
> > I was wondering how can I set up a permission group (e.g. "SiteAdmins")
> > that can effectively do anything available with the TRAC_ADMIN permission,
> > just excluding the ability to control plugins (meaning install new ones
> > and enable / disable existing ones).
>
> You could disable the plugin admin panel, and probably also the logging
> panel (so that they can't overwrite arbitrary files with the log file).
>
> Also, you may want to restrict access to the repositories admin panel,
> as it currently can be used to "bind" any repository on the server. See:
>
> http://trac.edgewall.org/ticket/9511
>
> Of course, all of this only works if your admins don't have shell
> access. If they have, you'll probably need to use sudo.
>
> -- Remy

Thanks for the tips, Remy.

If I disable those panels, it will be disabled for everyone, right?
Is it possible to enable / disable panels based on permissions?
I want "SiteAdmins" to not have access, but "ServerAdmins" to have access.

My site-admins don't have shell access (or remote desktop - the server is Windows).
Are there more possible vulnerabilities?

Thanks,
Itamar O.
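
An added example, not part of the original thread and not Trac's own code: a check that the three admin panels Remy mentions are actually disabled in a `trac.ini`. The component names and the rule resolution are assumptions modelled on Trac 0.12's `[components]` handling; `RISKY_PANELS`, `audit_panels` and `SAMPLE_INI` are hypothetical names, and the sample configuration is constructed.

```python
import configparser

# Admin panels named in the thread, by Trac component name (assumed from the
# Trac 0.12 source tree; confirm against the version you run).
RISKY_PANELS = {
    "plugins": "trac.admin.web_ui.PluginAdminPanel",
    "logging": "trac.admin.web_ui.LoggingAdminPanel",
    "repositories": "trac.versioncontrol.admin.RepositoryAdminPanel",
}


def load_rules(ini_text):
    """Parse [components] into {lowercased name without '.*': enabled?}."""
    cp = configparser.RawConfigParser(strict=False)
    cp.read_string(ini_text)
    rules = {}
    if cp.has_section("components"):
        # configparser already lowercases and strips option names.
        for name, value in cp.items("components"):
            rules[name.removesuffix(".*")] = value.strip().lower() in ("enabled", "on")
    return rules


def component_enabled(rules, component):
    """Most specific rule wins; unmatched 'trac.' components stay enabled."""
    name = probe = component.lower()
    while probe:
        if probe in rules:
            return rules[probe]
        probe = probe.rpartition(".")[0]
    return name.startswith("trac.")


def audit_panels(ini_text):
    """Return {panel: True if it is still enabled} for a trac.ini text."""
    rules = load_rules(ini_text)
    return {panel: component_enabled(rules, comp)
            for panel, comp in RISKY_PANELS.items()}


# Constructed sample: only the plugin panel has been disabled.
SAMPLE_INI = """\
[components]
trac.admin.web_ui.PluginAdminPanel = disabled
trac.versioncontrol.* = enabled
"""

if __name__ == "__main__":
    for panel, enabled in audit_panels(SAMPLE_INI).items():
        print(f"{panel}: {'STILL ENABLED' if enabled else 'disabled'}")
```

Any panel reported as still enabled remains reachable by every account holding TRAC_ADMIN.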
