diff options
| author | Joey Hess <joey@gnu.kitenet.net> | 2009-05-19 13:07:47 -0400 |
|---|---|---|
| committer | Joey Hess <joey@gnu.kitenet.net> | 2009-05-19 13:07:47 -0400 |
| commit | ef003f48f4a3fe8fb67fda62c70a299b07d75976 (patch) | |
| tree | cb5972026e6beed91b5eca2fa4962790244062bd /doc/tips/dot_cgi | |
| parent | 53b1c6f559c1d09fbdbc28c8e4d5090dd455cd26 (diff) | |
| parent | 4c5987d150b26f638494638f7861fb7646542a37 (diff) | |
Merge branch 'master' into po
Conflicts:
debian/changelog
Diffstat (limited to 'doc/tips/dot_cgi')
| -rw-r--r-- | doc/tips/dot_cgi/discussion.mdwn | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/doc/tips/dot_cgi/discussion.mdwn b/doc/tips/dot_cgi/discussion.mdwn new file mode 100644 index 000000000..124b9edff --- /dev/null +++ b/doc/tips/dot_cgi/discussion.mdwn @@ -0,0 +1,36 @@ +## warning: lighttpd only or both? + +Is your warning at the bottom (you don't know how secure it is) only about +lighttpd or it's about apache2 configuration as well? + +> The latter. (Although I don't know why using lighttpd would lead +> to any additional security exposure anyway.) --[[Joey]] + +I'm asking this because right now I want to setup an httpd solely for the +public use of ikiwiki on a general purpose computer (there are other things +there), and so I need to choose the more secure solution. --Ivan Z. + +> AFAIU, my main simplest security measure should be running the public +> ikiwiki's cgi under a special user, but then: how do I push to the repo +> owned by that other user? I see, probably I should setup the public wiki +> under the special user (so that it was able to create the cgi-script with +> the desired permission), and then give my personal user the required +> permissions to make a git-push by, say, creating a special Unix group for +> this. + +> Shouldn't there be a page here which would document a secure public and +> multi-user installation of ikiwiki (by "multi-user" I mean writable by a +> group of local Unix users)? If there isn't such yet, I started writing it +> with this discussion.--Ivan Z. + +> I see, perhaps a simpler setup would not make use of a Unix group, but +> simply allow pushing to the public wiki (kept under a special user) through +> git+ssh. --Ivan Z. + +>> Yes, it's certianly possible to configure git (and svn, etc) repositories so that +>> two users can both push to them. There should be plenty of docs out there +>> about doing that. +>> +>> The easiest way though is probably +>> to add your ssh key to the special user's `.ssh/authorized_keys` +>> and push that way. --[[Joey]] |