From e45f408e2fdd175530381f64b4d0a9f2ee887694 Mon Sep 17 00:00:00 2001 From: Daniel Silverstone Date: Mon, 12 Mar 2012 17:24:41 +0000 Subject: NOTES: Update notes regarding legit/any legit/anonymous distinction --- notes/delegated-management | 15 +++++++++++++-- notes/rules-evaluation | 6 +++--- notes/rules-format | 4 ++-- notes/rules-magical | 4 +++- 4 files changed, 21 insertions(+), 8 deletions(-) (limited to 'notes') diff --git a/notes/delegated-management b/notes/delegated-management index 5099560..8865c29 100644 --- a/notes/delegated-management +++ b/notes/delegated-management @@ -26,12 +26,23 @@ if you want users to be able to alter their own. If you use either of the above rules to allow delegated administration, you probably want to pop a 'GrantClone(Group "some-admin-group")' and a -'DenyClone(User "*")' at the top of your legit-admin repository rules file. +'DenyClone(User "legit/any")' at the top of your legit-admin repository rules +file. If you're not worried about the security of the site should the admin repo be cloned by a non-admin then don't worry about those. It shouldn't be an issue unless you also store non-standard admin content which could be exploited, or -unless your user list or users' keys are considered secret. +unless your user list or users' keys are considered secret. Later if we store +email addresses etc in users' metadata files then it may be 'secret'. As such, +the *default* legit-admin repo-specific rules will contain: + +---8<---- +GrantClone(User "whatever") +DenyClone(User "legit/any") +---8<---- + +Where 'whatever' is the username you gave legit when it created your +fundamental admin repository commit. By default, when you set up legit, the legit-admin repository is created with the deny rules above and a group called legit-admin which contains the one user diff --git a/notes/rules-evaluation b/notes/rules-evaluation index 550c83b..6235fbe 100644 --- a/notes/rules-evaluation +++ b/notes/rules-evaluation @@ -19,7 +19,7 @@ The default set of core.rules legit will install in a fresh legit-admin repository are: ---8<---- -GrantClone(User "legit/anonymous") +GrantClone(User "legit/any") GrantWrite(User "legit/owner") ---8<---- @@ -27,5 +27,5 @@ This means that if the rule evaluator falls off the end of the repository-specific rules then as a last ditch effort we grant anonymous clone and full write/delete/etc access to the user marked as the owner of the repository. If evaluation ever falls off the end of the core rules then Legit -evaluates the built in stop-gap rule of 'Deny(User "*")' which effectively -denies everything to everyone. +evaluates the built in stop-gap rule of 'Deny(User "legit/any")' which +effectively denies everything to everyone. diff --git a/notes/rules-format b/notes/rules-format index edc03ef..223f216 100644 --- a/notes/rules-format +++ b/notes/rules-format @@ -30,7 +30,7 @@ Example rules file for myfrobbler: ---8<----- GrantFFWrite(Branch "master", User "myfrobbler-pqm") -DenyWrite(Branch "master", AllUsers) +DenyWrite(Branch "master", User "legit/any") GrantWrite(Branch "devs/$USER/**", Group "myfrobbler-devs") ---8<----- @@ -51,4 +51,4 @@ preventative measure so that they don't accidentally push to master without their patch robot getting to run tests. [See rules-evaluation for more] Note: If you grant any kind of write to a branch then you are also granting -read access to the entire repository. \ No newline at end of file +read access to the entire repository. diff --git a/notes/rules-magical b/notes/rules-magical index 51d9a72..33b7dd7 100644 --- a/notes/rules-magical +++ b/notes/rules-magical @@ -10,7 +10,9 @@ For example, the following users and groups are magical: legit/owner USER This evaluates to the user who is marked as owning a repository. - +legit/any USER + This evaluates to 'true' regardless of the user calling in. + i.e. it is anonymous PLUS every registered user. legit/anonymous USER This evaluates to the 'anonymous' access user (i.e. gitweb and git://) -- cgit v1.2.1