README: show how other users can run gitcreate

It is inconvenient for other users not to be able to create
repositories.  And generally repository creation is a safe operation,
since the gitcreate script prevents its execution on a path already
created.  The worst case is junk being added that an administrator must
remove, which is tolerable.

In such cases, sudo can be configured to allow other users the ability
to create new git repositories.

diff --git a/README b/README
index a6045429a50f923d00617843e30e50bb242cad2b..746b25db72b9793eddcd21164d15f2d3d9583cf2 100644 (file)
--- a/README
+++ b/README
@@ -213,6 +213,34 @@ application use output from the repo_shell -c command to determine access.
 This command returns one of three results.  An empty return string means no
 access, an "r" means read-only, and "rw" means read-write access.
 
+= Allow other users to create repositories
+
+With the following configuration, other users could be configured to run the
+`gitcreate` command using sudo.
+
+First, run `visudo` as root to edit the `/etc/sudoers` file.  These entries
+should appear before less specific rules.  The Runas_Alias REPOUSER should be
+set to the value of the `owner` variable defined in `/etc/repo_shell.conf`.
+
+    # Allow select users to run gitcreate
+    User_Alias REPOCREATORS = user1, user2, user3
+    Runas_Alias REPOUSER = repo
+    REPOCREATORS ALL = (REPOUSER) NOPASSWD: /usr/local/bin/gitcreate
+
+Now any users listed in the User_Alias REPOCREATORS can run the gitcreate
+command.  The command would be invoked as follows:
+
+    ssh <repohost>
+    sudo -u repo gitcreate path/to/newrepo.git
+
+Note that as of right now, repo_shell cannot be used to run this command in a
+single ssh invocation, such as:
+
+    ssh <repohost> sudo gitcreate path/to/newrepo.git
+
+This is because repo_shell does not implement a full tty needed by sudo if it
+must ask the user for a password to authenticate the action.
+
 = References and links
 
 repo_shell owes great thanks to work shared by two other projects: