From cb777df0415cfad80a3725387b5fdbf5c95b8941 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 27 Nov 2007 12:41:18 -0500 Subject: [PATCH] add some documentation about how to safely allow multiple committers to an ikiwiki git repository --- doc/rcs/git.mdwn | 19 +++++++++++++++++++ doc/security.mdwn | 8 ++++---- 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/doc/rcs/git.mdwn b/doc/rcs/git.mdwn index 504ded17a..0353d1535 100644 --- a/doc/rcs/git.mdwn +++ b/doc/rcs/git.mdwn @@ -28,3 +28,22 @@ the bare repository, using either the `git` transport (if available), or `ssh`. The ikiwiki `post-commit` hook should be put in the bare repository. + +## git repository with multiple committers + +It can be tricky to get the permissions right to allow multiple people to +commit to an ikiwiki git repository. As the [[security]] page mentions, +for a secure ikiwiki installation, only one person should be able to write +to ikiwiki's srcdir. When other committers make commits, their commits +should go to the bare repository, which has a `post-update` hook that uses +ikiwiki to pull the changes to the srcdir. + +One setup that will work is to put all committers in a group (say, +ikiwiki), and use permissions to allow that group to commit to the bare git +repository. Make both the post-update hook and ikiwiki.cgi be setgid +to the group, as well as suid to the user who admins the wiki. The +`wrappergroup` [[setup_file_option|usage]] can be used to make the wrappers +be setgid to the right group. Then the srcdir, including its git +repository, should only be writable by the wiki's admin, and *not* by the +group. Take care that ikiwiki uses a umask that does not cause files in +the srcdir to become group writable. (umask 022 will work.) diff --git a/doc/security.mdwn b/doc/security.mdwn index a1c2120ce..34f820f6e 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn 
@@ -49,11 +49,11 @@ this. ## multiple accessors of wiki directory -If multiple people can write to the source directory ikiwiki is using, or -to the destination directory it writes files to, then one can cause trouble -for the other when they run ikiwiki through symlink attacks. +If multiple people can directly write to the source directory ikiwiki is +using, or to the destination directory it writes files to, then one can +cause trouble for the other when they run ikiwiki through symlink attacks. -So it's best if only one person can ever write to those directories. +So it's best if only one person can ever directly write to those directories. ## setup files -- 2.26.2
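Review bot: In the doc/rcs/git.mdwn hunk, the new section says the bare repository "has a `post-update` hook", while the unchanged context line directly above it says "The ikiwiki `post-commit` hook should be put in the bare repository". The two names should be reconciled so a reader knows which hook file the wrapper is installed as. The last paragraph also names `wrappergroup` for the setgid part but does not say how the wrappers become suid to the admin user or where ikiwiki's umask is set. Naming those settings, or linking to where they are documented, would make the setup reproducible.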
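Review bot: In the doc/security.mdwn hunk, the word "directly" added to both paragraphs is never defined, so a reader of this page alone cannot tell which indirect write path is considered safe. Suggest adding a sentence after "directly write to those directories." that links to the new "git repository with multiple committers" section in rcs/git and says that commits arriving through the bare repository and the wrapper are the intended indirect path.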