]> WPIA git - infra.git/commit
projects / infra.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3939e00) | patch
upd: run git daemon as nobody, not git
authorLucas Werkmeister <mail@lucaswerkmeister.de>
Mon, 27 Mar 2017 20:10:41 +0000 (22:10 +0200)
committerLucas Werkmeister <mail@lucaswerkmeister.de>
Wed, 29 Mar 2017 08:43:42 +0000 (10:43 +0200)
commit201fe35a4016e4e68476b23d741c41f660c76b63
tree7a0fddb847daf2a5d113e6609757cbe13f2e696ftree | snapshot
parent3939e005001f14dcb328823cbec4814b4b5d8343commit | diff
upd: run git daemon as nobody, not git

The git daemon doesn’t require any privileges (assuming the repositories
are world-readable), and the git user owns /gitweb-socket (and possibly
also the repositories). ReadOnlyDirectories=/ should prevent the git
daemon to make any modifications to those directories, but still,
there’s no harm done in locking it down even further.

Change-Id: Ib0209de31d7b556a209bbf89fad47d713ff9aaff
modules/gitweb/files/git@.service diff | blob | history
WPIA Technical Infrastructure