author | Lars Wirzenius <liw@liw.fi> | 2016-12-18 14:45:32 +0100 |
---|---|---|
committer | Richard Maw <richard.maw@gmail.com> | 2017-01-02 18:25:52 +0000 |
commit | fba31698b8cc162b94f55e540003a2cd6d82afa8 (patch) | |
tree | bbe9ac84c9819124e34fc387b8ad7b323ea67c30 /doc | |
parent | c965ba9cfcca2d2fbaf8b4b9cb6827aa92a59c77 (diff) | |
download | gitano-fba31698b8cc162b94f55e540003a2cd6d82afa8.tar.gz |
Add chapter on Gitano admin user and ssh config
Diffstat (limited to 'doc')
-rw-r--r-- | doc/admin/000.mdwn | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/doc/admin/000.mdwn b/doc/admin/000.mdwn index 8d74b73..25456cf 100644 --- a/doc/admin/000.mdwn +++ b/doc/admin/000.mdwn @@ -33,6 +33,36 @@ Access control to Gitano is defined using a language called Lace. It is a fairly simple textual language for expressing what actions Gitano users can and can't do. +# Gitano admin users + +Gitano recognises users based on the ssh key they use to log in. Each +user may have multiple keys, but each key may only be used by one +user. + +Gitano admis need to be in the `gitano-admin` group. When a Gitano +instance is first created by the sysadmin (by running `gitano-setup`), +as part of the process an admin user is created. This user belongs to +the `gitano-admin` group. (FIXME: is this how it goes?) + +It is easiest if the admins have one account that they both for normal +Gitano use and for doing admin things. However, from a security point +of view, it is probably better to have a dedicated admin account for +doing admin stuff. Further, each admiin should have their own admin +account so it's easier to see who did what. This requires the admins +to have multiple key and to configure their ssh so that the right key +is used for each account. This can be one with stanzas in +`~/.ssh/config` such as these: + + Host gitanodmin + Hostname git.example.com + User git + IdentityFile /home/foo/.ssh/gitanoadmin.key + +With a stanza like this, the `Host` name need to be used instead of +the usual name for the git server: + + git clone ssh://gitanoadmin/gitano-admin.git + # User and group management FIXME. This chapter discusses managing users, groups inside Gitano, |
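Review bot: The ssh example in the new "Gitano admin users" section is inconsistent: the stanza declares `Host gitanodmin` but the clone command uses `ssh://gitanoadmin/gitano-admin.git`, so the alias never matches. ssh would then ignore the `Hostname`, `User` and `IdentityFile` settings and try to resolve `gitanoadmin` as a real host. Please spell the alias `gitanoadmin` in both places. Since the section says Gitano identifies the user by the key presented, it is also worth adding `IdentitiesOnly yes` to the stanza, so that a key for the normal account held in ssh-agent is not offered ahead of the admin key. The paragraph that ends in "(FIXME: is this how it goes?)" should be confirmed against what `gitano-setup` actually does before this lands, because readers will rely on it to know which account holds `gitano-admin` membership. Smaller wording fixes in the added text: "admis", "admiin", "that they both for normal" (missing "use"), "multiple key", "This can be one with stanzas" (should be "done"), and "the `Host` name need to be used".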