On Mon, Jan 4, 2010 at 6:06 AM, Shawn O. Pearce <spearce@xxxxxxxxxxx> wrote: > Junio C Hamano <gitster@xxxxxxxxx> wrote: >> I still see Cc: here; are people named above (and others commented on >> earlier versions) happy with this round? > > I don't get why Options +SymLinksIfOwnerMatch is needed here. > > If we are linking to the root installed git-http-backend Apache > will actually reject the link, because the link owner is likely to > be $USER while the target is owned by root. > > So I really can't ACK this, the instructions don't jive with my > understanding of the Apache configuration. Fair enough. There seem to be three reasonable ways to run from a userdir (depending on what the global configuration allows): - symlink to global git installation (if FollowSymLinks) - symlink to user's git installation (if not FollowSymLink and only SymLinkIfOwnerMatch) - copy of git-http-backend binary (if no symlinks are followed) The Options +SymLinksIfOwnerMatch is left over from when there was a more detailed description of the second scenario and should probably be removed now. The user may not have a choice about which of those three can be used because it depends on the global server configuration (which presumably the user does not control) so it's difficult to provide instructions that will work for everyone. The last option is likely to be the most portable, but also does not get updated when the primary http-backend binary is updated. Enumerating the details of setting up all of these configurations in the man page seems excessive, but it would also be nice to have enough information to still make it easy. We could do one or more of the following: - Remove the Options +SymLinksIfOwnerMatch as it is too specific to an unknown configuration and let users figure out how to get symlinks to work for their particular configuration - Add a note to remind the user about SymLinksIfOwnerMatch or FollowSymLinks - Emphasize copying git-http-backend binary into the cgi-bin directory as that is likely the most portable across configurations - Expand all three scenarios in detail I'm inclined to do the first two with the following patch (cut-n-paste warning) squashed in. I'll send the complete patch as a follow up. Thanks, Tarmigan diff --git a/Documentation/git-http-backend.txt b/Documentation/git-http-backend index 0485033..7af1288 100644 --- a/Documentation/git-http-backend.txt +++ b/Documentation/git-http-backend.txt @@ -160,13 +160,14 @@ From UserDir on Apache 2.x:: + ---------------------------------------------------------------- SetHandler cgi-script -Options +SymLinksIfOwnerMatch SetEnv GIT_PROJECT_ROOT /home/$username/devel ---------------------------------------------------------------- + Also add any needed authentication to the .htaccess file as discussed in earlier examples. + +Depending on the global configuration of the web server, the +"FollowSymLinks" or "SymLinksIfOwnerMatch" options might be needed. If the web server does not follow any symbolic links, the 'git-http-backend' executable may be copied into the cgi-bin directory and renamed to 'git' to acheive the same effect, but it will also need -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html