On Thu, 2011-11-10 at 06:59 +0000, Cooke, Mark wrote:
>
> > The second problem is that we run trac, and (as recommended
> > by the trac project) use post-commit hooks to log repository
> > changes into the trac timeline. This fails when svn+ssh://
> > is used, as the process owner does not have permission to
> > use trac-admin in that way.
>
> ...as a trac user (but being a windoze shop, not svn+ssh) I was wondering, is this a fundamental trac problem or a local configuration issue? If it is trac then it should be reported to trac-users too...
Normally your svn+ssh process runs as the user who's credentials were
supplied. Trac-admin does not allow general users to do much of anything
on a linux box, not sure about windows.
I would say it was a fundamental trac problem, resulting from a
collision of 2 sets of assumptions for security. That is, svnserve will
run as a local, authenticated user for security, audit trail, etc.
trac-admin will only update the timeline (or make any other change) if
it is superuser (or somesuch).
There might be a way to configure trac-admin to allow anyone to make
those changes, but that exposes the trac installation to greater risk.
Sigh - I will just strongly suggets to our engineers that they use
http:// protocol only, most do already.
Tony
>
> ~ mark c
Received on 2011-11-10 08:15:48 CET