X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/0538498ed05f4abf3cb5102c299392d4b4c0086d..5dfcaf1f7f3c2ae8304465bdc10bd82bb862fa09:/doc/tips/untrusted_git_push.mdwn diff --git a/doc/tips/untrusted_git_push.mdwn b/doc/tips/untrusted_git_push.mdwn index 958e04e77..3573a0ddf 100644 --- a/doc/tips/untrusted_git_push.mdwn +++ b/doc/tips/untrusted_git_push.mdwn @@ -39,12 +39,15 @@ or manipulate tags. One thing to keep an eye on is uploading large files. It may be easier to do this via git push than using the web, and that could be abused. +Also, no checking is done that the authors of commits are right, so people +can make a commit that pretends to be done by someone else. + ## user setup Add a dedicated user who will push in untrusted commits. This user should have a locked password, and `git-shell` as its shell. - root@bluebird:/home/joey>adduser --shell=/usr/bin/git-shell--disabled-password anon + root@bluebird:/home/joey>adduser --shell=/usr/bin/git-shell --disabled-password anon Adding user `anon' ... ## ikiwiki setup @@ -71,7 +74,7 @@ Once you're done modifying the setup file, don't forget to run You'll need to arrange the permissions on your bare git repository so that user anon can write to it. One way to do it is to create a group, and put -both anon and your regular user in that group. Then make make the bare git +both anon and your regular user in that group. Then make the bare git repository owned and writable by the group. See [[rcs/git]] for some more tips on setting up a git repository with multiple committers.