[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Monotone-devel] There's talk...
From: |
Richard Levitte |
Subject: |
Re: [Monotone-devel] There's talk... |
Date: |
Thu, 25 Oct 2007 12:01:01 +0200 (CEST) |
In message <address@hidden> on Thu, 25 Oct 2007 10:47:17 +0200, Thomas Keller
<address@hidden> said:
me> I have to admit I don't know the "op" command, but wouldn't it be
me> sufficient to just create a non-root user which can manage his
me> /home/<user>, crontab, public_html aso.?
I take it you're talking about the wiki, and thereby a shared
account. The "op" command allows me to set up some restricted
commands to be performed by selected users as another user and/or
group, and I much prefer a model where everyone involved have personal
accounts and manage shared things through something like the "op"
command.
And the thing is, I plan to make it possible to share other tasks as
well, such as adding key identities to monotone's write-permissions
and things like that (well, ok, that one will be until I've tested the
current policy branch stuff well enough, but still)...
me> I mean from a trust point of view, you probably should not give
me> root access to anybody, not because we're harmful, but we're all
me> making mistakes sometimes and don't want to be sued for the mess
me> afterwards ;)
Right, but there may still be some sensitive things that need to be
done. Such things can be defined very safely and precisely through
the "op" command.
me> And on the other hand I don't think the first thing we're trying
me> to do on your machine is to find a bug / workaround to get
me> elevated rights either...
No, I don't expect anyone to misbehave, it's more a sense of
protecting you as well as myself against foreseeable human mistakes.
me> > Now, as to the wiki, I'd be happy to serve. I know that Graydon
me> > and Nathaniel use Moinmoin, and that would be easy enough to
me> > install. What's needed is the current database itself, and
me> > perhaps information on settings, possible plugins and so on.
me>
me> If you can create a database user and set its database rights
me> (mysql commandline client access assumed), the rest can be done by
me> someone else having ssh access to the machine (I mean, more than
me> scp access, which a couple of us already have).
That can be done, sure. I'll do what I can tonight.
MySQL, btw? I thought moinmoin used its own database...
Cheers,
Richard
-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.
--
Richard Levitte address@hidden
http://richard.levitte.org/
"When I became a man I put away childish things, including
the fear of childishness and the desire to be very grown up."
-- C.S. Lewis