Hi all, I was wondering how can I set up a permission group (e.g. "SiteAdmins") that can effectively do any thing available with the TRAC_ADMIN permission, just excluding the ability to control plugins (meaning install new ones and enable / disable existing ones).
In case you wonder why I want this: it seems that plugins may expose the server to security threats, since any user with the ability to install and enable plugins can write a plugin that simply gives him control over the server (with access rights as the user running apache). I have a multi-environment setup, and I want to be able to give management rights to project-managers for their own Trac environments, without allowing them to take over the server. Any advice is appreciated, as well as comments / discussion regarding the security considerations I have raised. Itamar O. -- You received this message because you are subscribed to the Google Groups "Trac Users" group. To post to this group, send email to trac-us...@googlegroups.com. To unsubscribe from this group, send email to trac-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/trac-users?hl=en.
