From 094af3d113f375f7faf2abf283615582a9977a65 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 22 Oct 2008 20:52:34 -0400 Subject: initial support for git repos with untrusted committers Still need to wire up the calls to check_* , but it's cold out here and my hands are going numb, so enough for now. --- doc/rcs/details.mdwn | 3 +++ doc/rcs/git.mdwn | 27 +++++++++++++++++++++++++++ 2 files changed, 30 insertions(+) (limited to 'doc/rcs') diff --git a/doc/rcs/details.mdwn b/doc/rcs/details.mdwn index e62f3ef49..089221cab 100644 --- a/doc/rcs/details.mdwn +++ b/doc/rcs/details.mdwn @@ -280,6 +280,9 @@ Here is a how a commit from a remote repository works: * git-commit in the remote repository * git-push, pushes the commit to the master repo on the server +* (Optionally, the master repo's pre-receive hook runs, and checks that the + update only modifies files that the pushing user is allowed to update. + If not, it aborts the receive.) * the master repo's post-update hook notices this update, and runs ikiwiki * ikiwiki notices the modifies page source, and compiles it diff --git a/doc/rcs/git.mdwn b/doc/rcs/git.mdwn index b210af825..2a6feecf5 100644 --- a/doc/rcs/git.mdwn +++ b/doc/rcs/git.mdwn 
@@ -100,6 +100,33 @@ repository, should only be writable by the wiki's admin, and *not* by the group. Take care that ikiwiki uses a umask that does not cause files in the srcdir to become group writable. (umask 022 will work.) +## git repository with untrusted committers + +By default, anyone who can commit to the git repository can modify any file +on the wiki however they like. A `pre-receive` hook can be set up to limit +incoming commits from untrusted users. Then the same limits that are placed +on edits via the web will be in effect for commits to git for the users. +They will not be allowed to edit locked pages, they will only be able to +delete pages that the [[plugins/remove]] configuration allows them to +remove, and they will only be allowed to add non-page attachments that the +[[plugins/attachment]] configuration allows. + +To enable this, you need to set up the git repository to have multiple +committers. Trusted committers, including the user that ikiwiki runs as, +will not have their commits checked by the `pre-receive` hook. Untrusted +committers will have their commits checked. The configuration settings to +enable are `git_test_receive_wrapper`, which enables generation of a +`pre-receive` hook, and `git_untrusted_committers`, which is a list of +usernames of the untrusted committers. + +Note that when the `pre-receive` hook is checking incoming changes, it +ignores the git authorship information, and uses the username of the unix +user who made the commit. Then tests including the `locked_pages` [[PageSpec]] +are checked to see if that user can edit the pages in the commit. + +You can even set up an anonymous user, to allow anyone to push +changes in via git rather than using the web interface. + ## Optionally using a local wiki to preview changes When working on the "working clones" to add content to your wiki, -- cgit v1.2.3
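Review bot: the new bullet in the doc/rcs/details.mdwn hunk describes the `pre-receive` hook as already checking and aborting the receive, while the commit message says the calls to check_* are still not wired up. As written, a reader could enable the hook and assume pushes are being restricted when nothing is enforced yet. Either land this bullet together with the wiring, or say in the bullet that enforcement is not yet active. The bullet also says the update "only modifies files", whereas the git.mdwn text in this patch also covers page removal and added attachments; "adds, changes or removes" would match it.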
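Review bot: in the doc/rcs/git.mdwn hunk, the paragraph starting "Note that when the `pre-receive` hook is checking incoming changes" says the hook uses the unix user "who made the commit", but the hook runs when the push is received, and the details.mdwn bullet in this same patch says "the pushing user". Suggest "the unix user who pushed the changes", so it is clear that commits authored by someone else are still judged against the pusher's permissions. The section should also state explicitly that any unix user not listed in `git_untrusted_committers` is unchecked, so the anonymous user in the last paragraph has to appear in that list. Otherwise the setup that paragraph describes lets anyone push unrestricted changes.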