diff options
author | Daniel Silverstone <dsilvers@digital-scurf.org> | 2012-03-12 17:24:41 +0000 |
---|---|---|
committer | Daniel Silverstone <dsilvers@digital-scurf.org> | 2012-03-12 17:24:41 +0000 |
commit | e45f408e2fdd175530381f64b4d0a9f2ee887694 (patch) | |
tree | 3fab095e82836c4d7e6b4d0940eba53608b5f3ae /notes | |
parent | b7d8f98bb4f3d72866c1a6dd7a15b8cc107e29a6 (diff) | |
download | gitano-e45f408e2fdd175530381f64b4d0a9f2ee887694.tar.gz |
NOTES: Update notes regarding legit/any legit/anonymous distinction
Diffstat (limited to 'notes')
-rw-r--r-- | notes/delegated-management | 15 | ||||
-rw-r--r-- | notes/rules-evaluation | 6 | ||||
-rw-r--r-- | notes/rules-format | 4 | ||||
-rw-r--r-- | notes/rules-magical | 4 |
4 files changed, 21 insertions, 8 deletions
diff --git a/notes/delegated-management b/notes/delegated-management index 5099560..8865c29 100644 --- a/notes/delegated-management +++ b/notes/delegated-management @@ -26,12 +26,23 @@ if you want users to be able to alter their own. If you use either of the above rules to allow delegated administration, you probably want to pop a 'GrantClone(Group "some-admin-group")' and a -'DenyClone(User "*")' at the top of your legit-admin repository rules file. +'DenyClone(User "legit/any")' at the top of your legit-admin repository rules +file. If you're not worried about the security of the site should the admin repo be cloned by a non-admin then don't worry about those. It shouldn't be an issue unless you also store non-standard admin content which could be exploited, or -unless your user list or users' keys are considered secret. +unless your user list or users' keys are considered secret. Later if we store +email addresses etc in users' metadata files then it may be 'secret'. As such, +the *default* legit-admin repo-specific rules will contain: + +---8<---- +GrantClone(User "whatever") +DenyClone(User "legit/any") +---8<---- + +Where 'whatever' is the username you gave legit when it created your +fundamental admin repository commit. By default, when you set up legit, the legit-admin repository is created with the deny rules above and a group called legit-admin which contains the one user diff --git a/notes/rules-evaluation b/notes/rules-evaluation index 550c83b..6235fbe 100644 --- a/notes/rules-evaluation +++ b/notes/rules-evaluation @@ -19,7 +19,7 @@ The default set of core.rules legit will install in a fresh legit-admin repository are: ---8<---- -GrantClone(User "legit/anonymous") +GrantClone(User "legit/any") GrantWrite(User "legit/owner") ---8<---- @@ -27,5 +27,5 @@ This means that if the rule evaluator falls off the end of the repository-specific rules then as a last ditch effort we grant anonymous clone and full write/delete/etc access to the user marked as the owner of the repository. If evaluation ever falls off the end of the core rules then Legit -evaluates the built in stop-gap rule of 'Deny(User "*")' which effectively -denies everything to everyone. +evaluates the built in stop-gap rule of 'Deny(User "legit/any")' which +effectively denies everything to everyone. diff --git a/notes/rules-format b/notes/rules-format index edc03ef..223f216 100644 --- a/notes/rules-format +++ b/notes/rules-format @@ -30,7 +30,7 @@ Example rules file for myfrobbler: ---8<----- GrantFFWrite(Branch "master", User "myfrobbler-pqm") -DenyWrite(Branch "master", AllUsers) +DenyWrite(Branch "master", User "legit/any") GrantWrite(Branch "devs/$USER/**", Group "myfrobbler-devs") ---8<----- @@ -51,4 +51,4 @@ preventative measure so that they don't accidentally push to master without their patch robot getting to run tests. [See rules-evaluation for more] Note: If you grant any kind of write to a branch then you are also granting -read access to the entire repository.
\ No newline at end of file +read access to the entire repository. diff --git a/notes/rules-magical b/notes/rules-magical index 51d9a72..33b7dd7 100644 --- a/notes/rules-magical +++ b/notes/rules-magical @@ -10,7 +10,9 @@ For example, the following users and groups are magical: legit/owner USER This evaluates to the user who is marked as owning a repository. - +legit/any USER + This evaluates to 'true' regardless of the user calling in. + i.e. it is anonymous PLUS every registered user. legit/anonymous USER This evaluates to the 'anonymous' access user (i.e. gitweb and git://) |