X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/dd464e4ca84f5305c19faa375dbded8f4ce8cc3b..b78a9e270424574b3f585fce9d83e7ba3296267f:/doc/rcs/git/discussion.mdwn diff --git a/doc/rcs/git/discussion.mdwn b/doc/rcs/git/discussion.mdwn index 4c7df375a..e56978631 100644 --- a/doc/rcs/git/discussion.mdwn +++ b/doc/rcs/git/discussion.mdwn @@ -83,3 +83,15 @@ Thanks to gitte on #git on Freenode and of course joeyh. Have a look at [[rcs/de I think it would be a good thing if the various git pages where somehow unified. It seems to me that [[tips/laptop_wiki_with_git]] is currently not so different from [[git]]. Let us see what joeyh thinks about the new git pages, but if this level of detail is to go there, I think it could pretty much include (maybe as sub pages) the info in [[tips/laptop_wiki_with_git]] and [[tips/laptop_wiki_with_git_extended]] --[[DavidBremner]] # Does 'push' from the shallow clones work for you? git-clone and git-fetch explicitly state it doesn't... + +------- + +## Permissions for web users and local users editing and creating pages +What is the right permissions setup for a situation where both web and local users will be editing and creatingt pages? +My usage is this: I have a repository /srv/git/wiki.git chowned to me:apache with 775/664 permissions recursively (where 'me' is my account and the ikiwiki administrator), a /srv/www/ikisrc chowned to apache:apache, and a /srv/www/html/wiki chowned to apache:apache. As is, I can commit to the wiki.git repo (because it is owned by me) and web users can commit to it as well (because the group also has write access) what happens when I create a new page from either of those sources? For example, the apache user running ikiwiki.cgi would create /srv/www/ikisrc/something.mdwn, commit and push it to /srv/git/wiki.git, but that new object is owned by apache:apache. If I then try to commit a change to something.mdwn from a cloned repo sitting on my laptop, for example, will the commit not fail because apache created the files? + +Does that mean that apache:apache should just own everything, and I should only commit through that user (via git:// protocol only, maybe, or ssh as apache instead of myself)? For some reason, my head can't quite wrap itself around the whole permissions issue. Thanks. --mrled + +> Ikiwiki is designed so that you don't have to worry about this kind of permissions issue. +> Instead you can just configure the ikiwiki.cgi, in the setup file, to be suid to your +> user. Then there's no need to let the web server's user modify files at all. --[[Joey]]