Re: [PATCH] Implement ACL module architecture and sample MySQL ACL module

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Aug 14, 2012 at 9:12 AM, Junio C Hamano <gitster@xxxxxxxxx> wrote:
> Michal Novotny <minovotn@xxxxxxxxxx> writes:
>
>> Hi,
>> this is the patch to introduce the ACL module architecture into git
>> versioning system.
>
> No, it doesn't.  It adds something only to "git daemon", but does
> not affect any other uses of Git.

Yes, this part of the commit message also confused me until I read
through the patch further. :-(

>     Side note: I am not saying other uses of Git must be ACL
>     controlled by MySQL database.  They shouldn't be.  I am only
>     saying that the proposed commit log message must match what the
>     change does.
>
> Please familiarize yourself with Documentation/SubmittingPatches
> first, and then imitate the style in existing commits in the history
> and posted patches by the "good" developers (you can tell who they
> are by observing the list traffic for a few weeks), by the way.
>
> As "git daemon" already has a mechanism to specify what repositories
> are served with whitelist or blacklist, I am not sure if this patch
> adds enough value to the system to make us want to add further
> complexity only to carry more code to be audited for security.
>
> Opinions?

Traditionally Git has been about providing the plumbing to handle the
protocol and storage, and other tools that wrap git manage access
controls, e.g. UNIX filesystem or gitolite. I would strongly prefer to
keep that arrangement.

Parsing the request line of git-daemon is easy. But we could make it
easier. An alternative arrangement would be to add a new command line
flag to git daemon like --command-filter that names an executable
git-daemon will invoke after parsing the request line. It can pass
along the client IP address, command request, repository name, and
resolved repository path, and tie stdin/stdout to the client. This
binary can decide to exec the proper git binary for the named command,
or just exit to disconnect the client and refuse service. This makes
it simple for a tool like gitolite to plug into the git-daemon
authorization path, without needing to be the network daemon itself,
worry about number of active connection slots, etc.
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]