
Cleanup and errata for repository hosting
Closed, Resolved (Public)

Description

  • Mention diffusion.ssh-user.
  • When creating a hosted repository, it defaults to having all its hosting options off.
  • When hosting an existing repository, the default "Can Push" policy is very open.
  • When adding a user, /etc/shadow may need !! -> NP to enable login.
  • Add tips for debugging sshd with -d -d -d?

Event Timeline

epriestley raised the priority of this task from to Normal.
epriestley updated the task description.
epriestley added a project: Diffusion.
epriestley added a subscriber: epriestley.

Also that TTY-only thing in sudoers.

More notes:

  • One user hit an issue with "sudoers.d/" or similar not being included by default, so their changes had no effect. This is hard for us to detect.
  • The "#includedir" directive is slightly magical and not a comment.
  • su <vcs-user>; sudo -E -n -u <daemon-user> -- /path/to/some/binary --help is a useful diagnostic test to figure out if sudoers is configured properly.
  • The "sorry a password is required to run sudo" message is worthless and means "something is wrong with sudoers".
  • A user hit an issue where they had several copies of git-upload-pack on their system. This causes the generic sudo failure, and looks like a success.

+@zeeg

The commands in the docs say sshd, but sshd requires an absolute path. They should say /path/to/sshd.

The sshd_config template has a different hook path than the example in the documentation text.

The vcs-user needs a login shell (not /bin/false) although it won't actually be invoked.

The -ne in the hook should be !=.

We should support ssh-dss keys as well.

  • One user was confused about needing vcs-user@ for HTTP. This could be more explicit.
  • GIT_CURL_VERBOSE is diagnostically useful for Git HTTP.
  • The documentation should walk you through doing a clone at the end.

After D7884, we should document how to install custom hooks ("drop 'em into the .d directories"), the additional environmental variables available, when they fire ("after Herald stuff"), and the lack of mercurial support ("lol mercurial").

The repo hosting guide did not make it clear to me:

  • that the daemon user is the one handling the repositories on the file system. I first thought it would be the sshd user (namely "git").
  • that the ssh-auth script used by sshd does not only need adequate file perms (root 755) but also adequate perms on the parent folders - required by sshd. I first tried to put it not in the described /etc but in a different folder structure and stumbled across this.

Maybe this could be improved.

The only thing remaining here is:

  • When creating a hosted repository, it defaults to having all its hosting options off.

Instead, these should probably be something like:

  • SSH: Read/Write if diffusion.ssh-user is set?
  • HTTP: Read/Write if diffusion.allow-http-auth is set?

I don't think we have a totally unambiguous way to pick defaults, but those are probably better than the status quo.

I can handle that.
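
An added example, not part of the original task thread and not Phabricator's own code: POSIX shell functions for the check described in the comment above about the ssh-auth script, namely that the script and every parent directory are owned by the expected user and not writable by group or others, and that the path is absolute. The function names, the default uid of 0 and the optional stop-directory argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration (not Phabricator code). Checks that a hook script and each
# parent directory are owned by the expected uid and not group/other writable.
# Pass a resolved path: a symlink component is reported as unsafe (lrwxrwxrwx).

# check_component PATH [UID] -> 0 safe, 1 unsafe, 2 cannot stat
check_component() {
    cc_want=${2:-0}
    cc_info=$(ls -ldn -- "$1" 2>/dev/null) || return 2
    # ls -ldn prints: mode links uid gid ...
    read -r cc_mode cc_links cc_uid cc_rest <<EOF
$cc_info
EOF
    [ "$cc_uid" = "$cc_want" ] || return 1
    case $cc_mode in
        ?????w*|????????w*) return 1 ;;   # group-write or other-write bit set
    esac
    return 0
}

# check_chain PATH [UID] [STOP] -> 0 all safe, 1 something unsafe, 2 not absolute
# STOP (default /) is an assumption so the walk can be tried in a scratch tree.
check_chain() {
    ch_path=$1 ch_uid=${2:-0} ch_stop=${3:-/} ch_rc=0
    case $ch_path in
        /*) ;;
        *) echo "not an absolute path: $ch_path" >&2; return 2 ;;
    esac
    while :; do
        if ! check_component "$ch_path" "$ch_uid"; then
            echo "unsafe: $(ls -ldn -- "$ch_path" 2>&1)" >&2
            ch_rc=1
        fi
        if [ "$ch_path" = "$ch_stop" ] || [ "$ch_path" = / ]; then break; fi
        ch_path=$(dirname -- "$ch_path")
    done
    return "$ch_rc"
}

# Usage (placeholder path): check_chain /path/to/ssh-hook-script
```

Each failing component is printed with its `ls -ldn` line, so a group-writable parent directory shows up directly instead of as a silent sshd refusal.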