From b4c849cc674766149e05ff52a22e49daa9d00748 Mon Sep 17 00:00:00 2001 From: Richard Maw Date: Mon, 2 Jan 2017 18:23:46 +0000 Subject: Fix up minor typos, misformatting and wording. --- doc/admin/000.mdwn | 35 +++++++++++++++++------------------ 1 file changed, 17 insertions(+), 18 deletions(-) (limited to 'doc') diff --git a/doc/admin/000.mdwn b/doc/admin/000.mdwn index 5163fce..8be8286 100644 --- a/doc/admin/000.mdwn +++ b/doc/admin/000.mdwn @@ -23,11 +23,11 @@ on a system. Gitano admins primarily enable people to do their jobs. This involves: -* define Gitano access control rules using Lace -* add and remove Gitano users -* helping people with their Gitano problems -* possibly add and remove Git repositories, unless they allow people - to do that themselves +* Define Gitano access control rules using Lace. +* Add and remove Gitano users. +* Helping people with their Gitano problems. +* Possibly add and remove Git repositories, unless they allow people + to do that themselves. Access control to Gitano is defined using a language called Lace. It is a fairly simple textual language for expressing what actions Gitano @@ -39,21 +39,21 @@ Gitano recognises users based on the ssh key they use to log in. Each user may have multiple keys, but each key may only be used by one user. -Gitano admis need to be in the `gitano-admin` group. When a Gitano -instance is first created by the sysadmin (by running `gitano-setup`), -as part of the process an admin user is created. This user belongs to -the `gitano-admin` group. (FIXME: is this how it goes?) +Gitano administrators need to be in the `gitano-admin` group. +When a Gitano instance is first created by the sysadmin +(by running `gitano-setup`), as part of the process an admin user is created. +This user belongs to the `gitano-admin` group. It is easiest if the admins have one account that they both for normal Gitano use and for doing admin things. However, from a security point of view, it is probably better to have a dedicated admin account for -doing admin stuff. Further, each admiin should have their own admin +doing admin stuff. Further, each admin should have their own admin account so it's easier to see who did what. This requires the admins -to have multiple key and to configure their ssh so that the right key +to have multiple keys, and to configure their ssh so that the right key is used for each account. This can be one with stanzas in `~/.ssh/config` such as these: - Host gitanodmin + Host gitanoadmin Hostname git.example.com User git IdentityFile /home/foo/.ssh/gitanoadmin.key @@ -90,10 +90,9 @@ able to push changes to source code repositories. The site might also have a group `ops`, whose members have read-only access to the source code repositories. -Creating a site policy such as the above is a job for that site's -Gitano admins. Gitano come with a very simplistic policy by default. -The policy is specified (implemented) using Lace, which we'll cover -soon. +Creating a site policy such as the above is a job for that site's +Gitano admins. Gitano comes with a very simplistic policy by default. +The policy is specified (implemented) using Lace, which we'll cover soon. # Repository management @@ -160,7 +159,7 @@ The first example is really simplistic. It contains a rule to allow a user to do anything to a repository prefixed by their username. define repo_is_usernamed repository prefix ${user}/ - allow "Users can create repos beginning with their username" repo_is_usernamed + allow "Users can do anything to repos beginning with their username" repo_is_usernamed Lace rules are used by Gitano whenever the user tries to do anything. Note that they only apply for access to the repositories via Gitano @@ -335,5 +334,5 @@ When gitano-setup is run, the admin needs to specify a Unix user in whose home directory the git repositories stored. In this section we'll assume the home directory is `/home/git`. -To backup a Gitano instnace, backup `/home/git`. To restore, restore +To backup a Gitano instance, backup `/home/git`. To restore, restore the directory. -- cgit v1.2.1