开发者

Securing trac from anonymous users?

I have set up trac on my domain for issue tracking. How to I configure it so that when anonymous users visit the domain, ALL they see is a login form. Basically I want 2 security levels:

anonymous - visitors only have access to a login option

us开发者_如何转开发ers (i.e. everybody else who has logged in) - have access to everything

Thanks!


You can remove all permissions for the anonymous user:

trac-admin /path/to/projenv permission remove anonymous '*'

For details see the Trac permission docs
Trac offers two different permission groups by default:

  • authenticated
  • anonymous

The docs describe how to change the group defaults and how you can form new permission sets in the permission groups section.


The solution given by Thomas Zoechling does not work anymore, with trac 1.0.2 one needs to copy the permissions of anonymous user to authenticated manually:

trac-admin /path/to/projenv permission list anonymous
#gets: BROWSER_VIEW  CHANGESET_VIEW  FILE_VIEW  LOG_VIEW  MILESTONE_VIEW  REPORT_SQL_VIEW  REPORT_VIEW  ROADMAP_VIEW  SEARCH_VIEW  TICKET_VIEW  TIMELINE_VIEW  WIKI_VIEW
trac-admin /path/to/projenv permission remove anonymous '*'
trac-admin /path/to/projenv permission add authenticated BROWSER_VIEW  CHANGESET_VIEW  FILE_VIEW  LOG_VIEW  MILESTONE_VIEW  REPORT_SQL_VIEW  REPORT_VIEW  ROADMAP_VIEW  SEARCH_VIEW  TICKET_VIEW  TIMELINE_VIEW  WIKI_VIEW


You'll want to look at the AccountManagerPlugin. It allows form-based authentication. You also want to remove permissions form anonymous as described in the other post.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜