diff options
author | Joey Hess <joey@kodama.kitenet.net> | 2008-07-16 17:56:41 -0400 |
---|---|---|
committer | Joey Hess <joey@kodama.kitenet.net> | 2008-07-16 17:56:41 -0400 |
commit | a3a48cc57d42884470141d1ffd14bedcb2490962 (patch) | |
tree | cee49d4312da9886a81f75b7b62d286cdc8d8139 /doc | |
parent | 294b2cd67fc6d1223d90691806b56e258ca325d2 (diff) |
response
Diffstat (limited to 'doc')
-rw-r--r-- | doc/rcs/git/discussion.mdwn | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/rcs/git/discussion.mdwn b/doc/rcs/git/discussion.mdwn index 2bb61c6a1..e56978631 100644 --- a/doc/rcs/git/discussion.mdwn +++ b/doc/rcs/git/discussion.mdwn @@ -91,3 +91,7 @@ What is the right permissions setup for a situation where both web and local use My usage is this: I have a repository /srv/git/wiki.git chowned to me:apache with 775/664 permissions recursively (where 'me' is my account and the ikiwiki administrator), a /srv/www/ikisrc chowned to apache:apache, and a /srv/www/html/wiki chowned to apache:apache. As is, I can commit to the wiki.git repo (because it is owned by me) and web users can commit to it as well (because the group also has write access) what happens when I create a new page from either of those sources? For example, the apache user running ikiwiki.cgi would create /srv/www/ikisrc/something.mdwn, commit and push it to /srv/git/wiki.git, but that new object is owned by apache:apache. If I then try to commit a change to something.mdwn from a cloned repo sitting on my laptop, for example, will the commit not fail because apache created the files? Does that mean that apache:apache should just own everything, and I should only commit through that user (via git:// protocol only, maybe, or ssh as apache instead of myself)? For some reason, my head can't quite wrap itself around the whole permissions issue. Thanks. --mrled + +> Ikiwiki is designed so that you don't have to worry about this kind of permissions issue. +> Instead you can just configure the ikiwiki.cgi, in the setup file, to be suid to your +> user. Then there's no need to let the web server's user modify files at all. --[[Joey]] |