author Lars Wirzenius <liw@liw.fi> 2016-12-18 14:45:32 +0100
committer Richard Maw <richard.maw@gmail.com> 2017-01-02 18:25:52 +0000
commit fba31698b8cc162b94f55e540003a2cd6d82afa8 (patch)
tree bbe9ac84c9819124e34fc387b8ad7b323ea67c30 /doc
parent c965ba9cfcca2d2fbaf8b4b9cb6827aa92a59c77 (diff)
Add chapter on gitano admin user and ssh config
Diffstat (limited to 'doc')
-rw-r--r-- doc/admin/000.mdwn 30
1 files changed, 30 insertions, 0 deletions
diff --git a/doc/admin/000.mdwn b/doc/admin/000.mdwn
index 8d74b73..25456cf 100644
--- a/doc/admin/000.mdwn
+++ b/doc/admin/000.mdwn
@@ -33,6 +33,36 @@ Access control to Gitano is defined using a language called Lace. It
is a fairly simple textual language for expressing what actions Gitano
users can and can't do.
+# Gitano admin users
+
+Gitano recognises users based on the ssh key they use to log in. Each
+user may have multiple keys, but each key may only be used by one
+user.
+
+Gitano admis need to be in the `gitano-admin` group. When a Gitano
+instance is first created by the sysadmin (by running `gitano-setup`),
+as part of the process an admin user is created. This user belongs to
+the `gitano-admin` group. (FIXME: is this how it goes?)
+
+It is easiest if the admins have one account that they both for normal
+Gitano use and for doing admin things. However, from a security point
+of view, it is probably better to have a dedicated admin account for
+doing admin stuff. Further, each admiin should have their own admin
+account so it's easier to see who did what. This requires the admins
+to have multiple key and to configure their ssh so that the right key
+is used for each account. This can be one with stanzas in
+`~/.ssh/config` such as these:
+
+ Host gitanodmin
+ Hostname git.example.com
+ User git
+ IdentityFile /home/foo/.ssh/gitanoadmin.key
+
+With a stanza like this, the `Host` name need to be used instead of
+the usual name for the git server:
+
+ git clone ssh://gitanoadmin/gitano-admin.git
+
# User and group management
FIXME. This chapter discusses managing users, groups inside Gitano,
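Review bot: The `Host gitanodmin` alias in the added ssh stanza does not match the `ssh://gitanoadmin/gitano-admin.git` URL in the clone example a few lines below it, so a reader who copies both will not hit this stanza and ssh will treat `gitanoadmin` as a real hostname; the alias should read `Host gitanoadmin`. Since the chapter says Gitano recognises users by the key they log in with, the stanza should also set `IdentitiesOnly yes`, otherwise an ssh agent that holds the admin's normal key can offer it first and the session ends up on the normal account instead of the dedicated admin one. The prose has several typos to fix before merge ("admis", "admiin", "they both for" missing "use", "multiple key", "can be one" for "can be done", "need to be used"), and the "(FIXME: is this how it goes?)" on the `gitano-setup` paragraph should be confirmed or dropped, since it leaves the reader unsure how the first admin user is created.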