New user/group in /usr/ports/UIDs and /usr/ports/GIDs

Douglas Thrift douglaswth at gmail.com
Wed Feb 17 19:57:09 UTC 2016


On 2/17/2016 12:25 AM, Matthias Fechner wrote:
> On 16.02.2016 at 20:23, Douglas Thrift wrote:
>> While your arguments for user isolation make sense, they really only
>> make sense if you were to be using gitolite or gitosis at the same time
>> as gogs which I imagine would not be that common. I am not opposed to
>> you having a gogs user on your system, but I think that the default user
>> defined by the port should reflect a reasonable default for most people,
>> and that user is git not gogs, even the gogs documentation directs you
>> to use the git user.
> 
> The default git user will not work; it has its homedir in /usr/local/git
> but gogs expects it in /var/db/gogs/home.
> I know a second user is generated here, but if I look at the pros and
> cons I think using a dedicated gogs user is more secure here (for
> security and also for the upgrade path in the future).
> 
> 
> Regards
> Matthias
> 

The home directory should be configurable, that should not be a problem.
I set up Gogs manually from source on my system and have a git user
whose home directory is actually /home/git and I don't have any problems.

I don't think this is going to really make sense for most people, the
default is to have Git URLs of the form git@example.com:user/repo.git
not gogs@example.com:user/repo.git. I really don't see that there is a
huge security issue unless someone is trying to run Gogs at the same
time as Gitolite or Gitosis where they would probably just end up
changing what users things run as. Also, I don't see what upgrading has
to do with anything.

I think that it would be a huge mistake to have a user other than git as
the default for this port. Users can configure their systems as they see
fit, but I think the port should ship a reasonable default and that
reasonable default should not have any POLA violations.

-- 
Douglas William Thrift
<http://douglasthrift.net/>

