From: R. Steve McKown
Date: Mon, 22 Sep 2014 16:50:02 +0000 (-0600)
Subject: README: show how other users can run gitcreate
X-Git-Tag: 0.9~2
X-Git-Url: https://oss.titaniummirror.com/gitweb?p=repo_shell.git;a=commitdiff_plain;h=af04042a17a26cf6f4d3fb7ac5af35cd1311cc2a

README: show how other users can run gitcreate

It is inconvenient for other users not to be able to create repositories. And generally repository creation is a safe operation, since the gitcreate script prevents its execution on a path already created. The worst case is junk being added that an administrator must remove, which is tolerable. In such cases, sudo can be configured to allow other users the ability to create new git repositories.
---

diff --git a/README b/README index a604542..746b25d 100644 --- a/README +++ b/README
@@ -213,6 +213,34 @@ application use output from the repo_shell -c command to determine access. This command returns one of three results. An empty return string means no access, an "r" means read-only, and "rw" means read-write access. += Allow other users to create repositories + +With the following configuration, other users could be configured to run the +`gitcreate` command using sudo. + +First, run `visudo` as root to edit the `/etc/sudoers` file. These entries +should appear before less specific rules. The Runas_Alias REPOUSER should be +set to the value of the `owner` variable defined in `/etc/repo_shell.conf`. + + # Allow select users to run gitcreate + User_Alias REPOCREATORS = user1, user2, user3 + Runas_Alias REPOUSER = repo + REPOCREATORS ALL = (REPOUSER) NOPASSWD: /usr/local/bin/gitcreate + +Now any users listed in the User_Alias REPOCREATORS can run the gitcreate +command. The command would be invoked as follows: + + ssh + sudo -u repo gitcreate path/to/newrepo.git + +Note that as of right now, repo_shell cannot be used to run this command in a +single ssh invocation, such as: + + ssh sudo gitcreate path/to/newrepo.git + +This is because repo_shell does not implement a full tty needed by sudo if it +must ask the user for a password to authenticate the action. + = References and links repo_shell owes great thanks to work shared by two other projects:
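Review bot: The sentence "These entries should appear before less specific rules" in the visudo paragraph has the ordering backwards: sudoers applies the last matching entry, so a broader rule placed later for the same user would override the NOPASSWD line. Suggest saying the entries should come after less specific rules. Two smaller points. The rule names `/usr/local/bin/gitcreate` with no argument list, so every member of REPOCREATORS may pass arbitrary arguments as the `repo` user; the README should state that gitcreate itself has to validate the path it is given, since the only check mentioned is the refusal to run on an existing path. And the single-invocation example calls `sudo gitcreate` without `-u repo`, which the `(REPOUSER)` rule does not cover, so the password explanation that follows should be checked against the `-u repo` form, where NOPASSWD means no prompt is expected.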