Dear trac-ers,

I'm having difficulty configuring repository permissions correctly for
our use scenario.

We have:

* A single Trac instance managing a complex project involving two svn
  repositories.
* A partially overlapping set of users who should be able to view and
  commit to each repository.
* Trac 0.12.2 is being served via Apache on a Debian system.
* Users commit code using svn+ssh://<unix_username>@svnhost
* Repository code browsing permissions are managed using the Trac http
  login and AuthZ permissions file to control who can see which repository.

My concept for the unix permissions scheme is that we have three unix
groups "svn-repo-A", "svn-repo-B" and "svn-both". Users are in either
the A or B group, the Trac files are owned by "www-data" with full
permissions from the "svn-both" group, so that post-commit scripts can
be run when users commit to either repository. Repositories are owned
and readable by "www-data" and have the appropriate svn group. My
thought was that if "www-data" can read the repositories, Trac should be
able to browse the code (subject to the AuthZ permissions), and the unix
users should still be restricted to viewing only the appropriate
repository when they ssh in.

Everything seems to work fine, except that I can only get Trac repo
browsing to work if the repositories are set to world-readable, which
kind of defeats the purpose of having the separate unix permissions on
the repositories (since users can view the other repository via ssh). Am I
thinking about this wrong? Or do I just have something configured wrong
somewhere?

Thanks for your help,
-skye
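
The ownership scheme described in the message above can be checked mechanically. The following is an added example, not part of the original post: `audit_repo` is a hypothetical helper that reports every entry in a repository tree whose owner, group or mode departs from "owned and readable by the web server user, one svn group, no access for others". The owner and group are passed as arguments (the post uses "www-data" and "svn-repo-A" / "svn-repo-B").

```shell
#!/usr/bin/env bash
# Added example (not from the original post). audit_repo is a hypothetical helper.
# Usage: audit_repo <repo-path> <owner> <group>
#   e.g. audit_repo /path/to/repoA www-data svn-repo-A   (path is a placeholder)
# Prints one "finding<TAB>path" line per violation; returns 1 if any were found.
audit_repo() {
    ar_repo=$1 ar_owner=$2 ar_group=$3
    ar_findings=$(
        # Every entry should belong to the web server user ...
        find "$ar_repo" ! -user "$ar_owner" -exec printf 'wrong-owner\t%s\n' {} \;
        # ... and to the one svn group allowed to use this repository.
        find "$ar_repo" ! -group "$ar_group" -exec printf 'wrong-group\t%s\n' {} \;
        # Any "other" bit lets every ssh user in, whatever their group.
        find "$ar_repo" ! -type l \( -perm -o=r -o -perm -o=w -o -perm -o=x \) \
            -exec printf 'world-access\t%s\n' {} \;
        # The owner (Trac, via Apache) must be able to read files and enter directories.
        find "$ar_repo" ! -type l ! -perm -u=r -exec printf 'owner-unreadable\t%s\n' {} \;
        find "$ar_repo" -type d ! -perm -u=x -exec printf 'owner-no-search\t%s\n' {} \;
    ) || true
    if [ -z "$ar_findings" ]; then
        return 0
    fi
    printf '%s\n' "$ar_findings"
    return 1
}
```

Run it once per repository with that repository's own group; a clean result for both means neither tree grants anything to users outside its group.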