On 3/12/2015 3:45 AM, Graeme Pietersz wrote: > On 12/03/15 02:46, Andy Bradford wrote: >> Thus said Andy Goth on Wed, 11 Mar 2015 15:56:43 -0500: >>>> anonymous does have some privileges not inherited from nobody (hmncz) >>> >>> anonymous doesn't have z by default. >> >> No, but nobody does: >> https://www.fossil-scm.org/index.html/info/68ce0bcf6269988e >> Maybe what he really meant was that any user (not the Fossil Anonymous >> user), can access /zip by default? > > No. I created a new repo, ran > fossil user capabilities nobody "" > added a file to the repo (zip downloads do not work on an empty repo) and: > fossil user capabilities anonymous > returns: > hmncz
This has indeed changed since 1.28. http://www.fossil-scm.org/index.html/info/68ce0bcf6269988e > furthermore /zip redirects to login when not logged in, returns the zip > file if logged in as anonymous. I do seem to have 1.28 on this > particular machine so it may be something that has been fixed since. Take away z from anonymous to solve that problem. Heck, might as well take away everything from anonymous. -- Andy Goth | <andrew.m.goth/at/gmail/dot/com>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
