[Dev] gitosis broken + server access + security practices

Nicolás Reynolds fauno at kiwwwi.com.ar
Wed Feb 15 17:05:24 GMT 2012

So gitosis is broken, spits errors when adding new users (even from the server
itself) and I really don't know how to debug it.

We were discussing on the channel if the privilege separation gitosis
provides is useful to us, since permissions are given to everyone to
every git repo anyway.

Smv says gitosis not only does this but also *only* allows the git user
(git at parabolagnulinux.org) access to the git repos. If we
were going to manage push privileges using regular ssh
methods (ssh-copy-id, authorized_keys, etc.), people could not only push
to the repos but have shell login if available or access to the full git
user's home, included .ssh/authorized_keys.

IMO this isn't a problem since it would allow anyone to quickly
participate on git development simply by being involved and having
another hacker to allow his pubkey. Or any other policies we define
politically rather than technically.

And git, being an unprivileged user, shouldn't have access to any other
important system files. We could even chroot it for that matter. The
point is that security shouldn't hinder participation and simplicity.

What do you think?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 489 bytes
Desc: not available
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20120215/beb36424/attachment.sig>

More information about the Dev mailing list