One thing to keep an eye on is uploading large files. It may be easier to
do this via git push than using the web, and that could be abused.
+Also, no checking is done that the authors of commits are right, so people
+can make a commit that pretends to be done by someone else.
+
## user setup
Add a dedicated user who will push in untrusted commits. This user should have
a locked password, and `git-shell` as its shell.
- root@bluebird:/home/joey>adduser --shell=/usr/bin/git-shell--disabled-password anon
+ root@bluebird:/home/joey>adduser --shell=/usr/bin/git-shell --disabled-password anon
Adding user `anon' ...
## ikiwiki setup
as.
Once you're done modifying the setup file, don't forget to run
-`ikiwiki -setup --refresh --wrappers` on it.
+`ikiwiki --setup ikiwiki.setup --refresh --wrappers` on it.
## git setup
You'll need to arrange the permissions on your bare git repository so that
user anon can write to it. One way to do it is to create a group, and put
-both anon and your regular user in that group. Then make make the bare git
+both anon and your regular user in that group. Then make the bare git
repository owned and writable by the group. See [[rcs/git]] for some more
tips on setting up a git repository with multiple committers.
be present in your repository, wasting space. Since nothing refers to it,
it will be expired eventually. You can speed up the expiry by running `git
prune`.
-
-When aborting a push, ikiwiki displays an error message about why it didn't
-accept it. If using git over ssh, the user will see this error message,
-which is probably useful to them. But `git-daemon` is buggy, and hides this
-message from the user. This can make it hard for users to figure out why
-their push was rejected. (If this happens to you, look at "'git log --stat
-origin/master..`" and think about whether your changes would be accepted
-over the web interface.)