From: Joey Hess Date: Tue, 27 Nov 2007 17:41:18 +0000 (-0500) Subject: add some documentation about how to safely allow multiple committers to an X-Git-Tag: 2.15~16 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=cb777df0415cfad80a3725387b5fdbf5c95b8941;p=ikiwiki.git add some documentation about how to safely allow multiple committers to an ikiwiki git repository --- diff --git a/doc/rcs/git.mdwn b/doc/rcs/git.mdwn index 504ded17a..0353d1535 100644 --- a/doc/rcs/git.mdwn +++ b/doc/rcs/git.mdwn @@ -28,3 +28,22 @@ the bare repository, using either the `git` transport (if available), or `ssh`. The ikiwiki `post-commit` hook should be put in the bare repository. + +## git repository with multiple committers + +It can be tricky to get the permissions right to allow multiple people to +commit to an ikiwiki git repository. As the [[security]] page mentions, +for a secure ikiwiki installation, only one person should be able to write +to ikiwiki's srcdir. When other committers make commits, their commits +should go to the bare repository, which has a `post-update` hook that uses +ikiwiki to pull the changes to the srcdir. + +One setup that will work is to put all committers in a group (say, +ikiwiki), and use permissions to allow that group to commit to the bare git +repository. Make both the post-update hook and ikiwiki.cgi be setgid +to the group, as well as suid to the user who admins the wiki. The +`wrappergroup` [[setup_file_option|usage]] can be used to make the wrappers +be setgid to the right group. Then the srcdir, including its git +repository, should only be writable by the wiki's admin, and *not* by the +group. Take care that ikiwiki uses a umask that does not cause files in +the srcdir to become group writable. (umask 022 will work.) diff --git a/doc/security.mdwn b/doc/security.mdwn index a1c2120ce..34f820f6e 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -49,11 +49,11 @@ this. ## multiple accessors of wiki directory -If multiple people can write to the source directory ikiwiki is using, or -to the destination directory it writes files to, then one can cause trouble -for the other when they run ikiwiki through symlink attacks. +If multiple people can directly write to the source directory ikiwiki is +using, or to the destination directory it writes files to, then one can +cause trouble for the other when they run ikiwiki through symlink attacks. -So it's best if only one person can ever write to those directories. +So it's best if only one person can ever directly write to those directories. ## setup files