Page MenuHomePhabricator
Differential D8586

Update repository hosting documentation for all the issues users have hit
ClosedPublic
Actions

Authored by epriestley on Mar 21 2014, 5:49 PM.
Tags
None
Referenced Files
F14033570: D8586.diff
Sat, Nov 9, 6:20 PM
F13998352: D8586.diff
Thu, Oct 24, 9:02 AM
F13994232: D8586.id20366.diff
Wed, Oct 23, 4:46 AM
F13993437: D8586.diff
Tue, Oct 22, 10:50 PM
F13993417: D8586.id.diff
Tue, Oct 22, 10:43 PM
F13993414: D8586.id20365.diff
Tue, Oct 22, 10:42 PM
F13993410: D8586.id20366.diff
Tue, Oct 22, 10:40 PM
F13993408: D8586.id20404.diff
Tue, Oct 22, 10:38 PM
View All Files
Subscribers
bluehawk
epriestley
mbishopim3

Details

Reviewers
btrahan
chad
Maniphest Tasks
T4151: Cleanup and errata for repository hosting
Commits
Restricted Diffusion Commit
rP2e0301d647ae: Update repository hosting documentation for all the issues users have hit
Summary

Ref T4151. Addresses these issues:

  • Mentions diffusion.ssh-user.
  • Mentions /etc/shadow and !!.
  • Mentions /etc/passwd and shell.
  • Mentions sshd -d -d -d.
  • Mentions Defaults requiretty.
  • Adds AllowUsers to default configuration.
  • Mentions sudo -E ... as a troubleshooting step.
  • Mentions multiple VCS binaries.
  • Fixes sshd paths to be absolute.
  • Fixes example path in sshd_config template.
  • Mentions GIT_CURL_VERBOSE.
  • Walks users through cloning.
  • Adds documentation for custom hooks.
  • Mentions that only daemon-user interacts with repositories.
  • Added general troubleshooting guide.

I didn't fix these:

  • Weird one-time issue with sudoers.d/. We tell you to edit /etc/sudoers directly anyway.
  • Insane #includedir magic, as above.
  • Confusion around vcs-user for HTTP, since I think this is fairly clear.
  • Confusion around parent directory permissions -- not sure about this one, sshd normally runs as root?

I added an ssh-shell as a safer alternative to /bin/sh. I need to test this a bit more.

Test Plan
  • Read documentation.
  • Will test ssh-shell.

Diff Detail

Repository
rP Phabricator
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

epriestley updated this revision to Diff 20365.Mar 21 2014, 5:49 PM
epriestley retitled this revision from to Update repository hosting documentation for all the issues users have hit.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: btrahan.
epriestley added a task: T4151: Cleanup and errata for repository hosting.
Herald added a subscriber: epriestley.Mar 21 2014, 5:49 PM
epriestley updated this revision to Diff 20366.Mar 21 2014, 5:52 PM
  • Fix a couple minor issues.
bluehawk added a subscriber: bluehawk.Mar 21 2014, 6:33 PM

Love these changes, make things much clearer and easier to understand. I've made a couple comments.

src/docs/user/userguide/diffusion_hosting.diviner
291

Small typo, "git clone svn://"

321

What is phabricator-shell? I assume it should point to ssh/ssh-shell?

epriestley updated this revision to Diff 20404.Mar 25 2014, 4:36 PM
  • Fix "svn://", "ssh-shell".
chad accepted this revision.Mar 25 2014, 5:31 PM
chad added a reviewer: chad.
This revision is now accepted and ready to land.Mar 25 2014, 5:31 PM
epriestley updated this revision to Diff 20441.Mar 26 2014, 1:43 PM
epriestley edited edge metadata.

Remove all the "ssh-shell" stuff for now. I'd like to do this eventually, but I want to test it way more thoroughly first, and I think the security benefits are miniscule/theoretical. In contrast, the rest of the documentation updates are hugely useful.

epriestley closed this revision.Mar 26 2014, 1:44 PM
epriestley updated this revision to Diff 20442.

Closed by commit rP2e0301d647ae (authored by @epriestley).

Revision Contents
Changeset List

PathSize
resources/
sshd/
3 lines
src/
docs/
user/
userguide/
52 lines
180 lines

Diff 20442

View Options

resources/sshd/sshd_config.phabricator.example

Loading...
View Options

src/docs/user/userguide/diffusion_hooks.diviner

Loading...
View Options

src/docs/user/userguide/diffusion_hosting.diviner

Loading...
Phabricator · Built by Phacility