X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/651acf8b1490ebdfe15c11fde3792c13fb118f31..dc76a6189faf22b50604a97db08ad9bd92b0245d:/doc/setup/byhand/discussion.mdwn diff --git a/doc/setup/byhand/discussion.mdwn b/doc/setup/byhand/discussion.mdwn index 97ae40438..deb79a8db 100644 --- a/doc/setup/byhand/discussion.mdwn +++ b/doc/setup/byhand/discussion.mdwn @@ -1 +1,22 @@ What directory is the 'working copy'? There can be two interpretations: the current dir and the .git dir. + +> It is fairly common terminology amoung all version control systems to use +> "working copy" to refer to a checkout from version control, including +> copies of all the versioned files, and whatever VCS-specific cruft that +> entails. So, a working copy is everything you get when you `git clone` +> a repository. --[[Joey]] + +------------------- + +The page says *"Note that this file should **not** be put in your wiki's directory with the rest of the files."* Why is that? + +One possible thing is security: Is it just a precaution or would anyone with "write" access to wiki be able to replace the file? + + --[[Martian]] + +> Anyone with the ability to delete/replace attachments via the web UI, or the ability +> to commit directly to the VCS, would be able to replace it. That breaks ikiwiki's +> security model, because replacing the setup file is sufficient to achieve +> arbitrary code execution as the user running the CGI and VCS hooks. --[[smcv]] + +>> Thanks. After all found it here: [[security]]. Now I wonder if I always use a file from the master branch, while limiting users to staging, it might fly...