Date:      Wed, 17 Feb 2016 11:56:46 -0800
From:      Douglas Thrift <douglaswth@gmail.com>
To:        freebsd-ports@freebsd.org
Subject:   Re: New user/group in /usr/ports/UIDs and /usr/ports/GIDs
Message-ID:  <56C4D07E.8090107@gmail.com>
In-Reply-To: <56C42E79.4040300@fechner.net>
References:  <56BF0836.6050507@fechner.net> <56C19E13.70203@fechner.net> <20160215094919.GI26283@home.opsec.eu> <56C1E8B3.8090301@fechner.net> <20160215152445.GK26283@home.opsec.eu> <56C25563.2090806@fechner.net> <56C25AAB.6000501@gmail.com> <56C2DB83.2090801@fechner.net> <56C37737.3040600@gmail.com> <56C42E79.4040300@fechner.net>

On 2/17/2016 12:25 AM, Matthias Fechner wrote:
> On 16.02.2016 at 20:23, Douglas Thrift wrote:
>> While your arguments for user isolation make sense, they really only
>> make sense if you were to be using gitolite or gitosis at the same time
>> as gogs which I imagine would not be that common. I am not opposed to
>> you having a gogs user on your system, but I think that the default user
>> defined by the port should reflect a reasonable default for most people,
>> and that user is git not gogs, even the gogs documentation directs you
>> to use the git user.
> 
> the default git user will not work, it has its homedir in /usr/local/git
> but gogs expects it in /var/db/gogs/home.
> I know, here is a second user generated but if I look on the pros and
> cons I think using a dedicated gogs user is here more secure (for
> security and also for the upgrade path in the future).
> 
> 
> Regards
> Matthias
> 

The home directory should be configurable, that should not be a problem.
I set up Gogs manually from source on my system and have a git user
whose home directory is actually /home/git and I don't have any problems.

I don't think this is going to really make sense for most people, the
default is to have Git URLs of the form git@example.com:user/repo.git
not gogs@example.com:user/repo.git. I really don't see that there is a
huge security issue unless someone is trying to run Gogs at the same
time as Gitolite or Gitosis where they would probably just end up
changing what users things run as. Also, I don't see what upgrading has
to do with anything.

I think that it would be a huge mistake to have a user other than git as
the default for this port. Users can configure their systems as they see
fit, but I think the port should ship a reasonable default and that
reasonable default should not have any POLA violations.

-- 
Douglas William Thrift
<http://douglasthrift.net/>


