0

I'm a control freak, so I wonder if there is a way to modify repo files from Trac? And if yes, how do I block it?

I've been playing around trac.ini but nothing seems to suggest it actually writes to repository, but I guess it's better to ask first :)

According to http://trac.edgewall.org/wiki/TracPermissions:

BROWSER_VIEW      View directory listings in the repository browser
LOG_VIEW          View revision logs of files and directories in the 
                  repository browser
FILE_VIEW         View files in the repository browser
CHANGESET_VIEW    View repository check-ins

So nothing here suggests edit or modification of SVN filesystem.

Helgi
  • 5,428
  • 1
  • 31
  • 48

4 Answers4

3

The correct answer is simple: No.

Trac is definitely a versatile repository browser. That's it. I've witnessed requests about how to attempt extensions of it's core capabilities by a plugin, that could commit to a connected repository, but as far as Trac core is in questions, any concern is baseless. Really.

hasienda
  • 2,390
  • 1
  • 13
  • 16
1

To the best of my knowledge, no, Trac doesn't change the SVN repo.

However, there are feature requests for that (see tickets #781 and #2956, for example), so it might start to be able someday.

Helgi
  • 5,428
  • 1
  • 31
  • 48
  • Exactly, but not only SVN. It does not change any connected repository. Current Trac is able to connect to a number of repositories now, including Git and Mercurial. – hasienda May 10 '12 at 20:01
0

If I recall correctly TRAC accesses the repo on the file system.

One simple way would be to setup your repository file permissions with read only access to the system account running TRAC.

Albin Sunnanbo
  • 46,430
  • 8
  • 69
  • 108
  • According to permissions page: http://trac.edgewall.org/wiki/TracPermissions there is only Repository Browser permission, so I should be ok without messing with server permissions? –  May 10 '12 at 09:23
  • I dont think I understand what you mean btw. I have both trac and svn on the same box, and both are owned by apache www-data. www-data can write to svn and trac. –  May 10 '12 at 12:47
0

If I were to attempt to do something like this, I would use svnsync and configure trac to work on a local mirror of a remote SVN repository.

If I were really worried about it, I would extend this one step further and put a pre-commit hook to into the remote SVN repository to isolate the TRAC instance and "fail" any commit originating from that TRAC instance.

Edwin Buck
  • 69,361
  • 7
  • 100
  • 138
  • does this mean trac CAN write to repository? –  May 10 '12 at 12:48
  • No, it means that if I were paranoid, I would configured SVN so it can't be written to, and even if it could, it wouldn't be the "right" repo. – Edwin Buck May 10 '12 at 19:36