author: http://richard.maw.name/ <Richard_Maw@web> 2017-02-12 14:08:49 +0000
committer: Daniel Silverstone <dsilvers@pepperfish.net> 2017-02-12 14:08:49 +0000
commit: fe8ea01ea1e1e4f91fb8b8d6b0fe41cf11e19afc
tree: aee9b5c62e5480aa30745d6036c51194ed94585f /about/what-is.mdwn
parent: 0374501ad45a9eba5e861fa20eca3f2349d9af4c
Summarise customisable ACLs
Diffstat (limited to 'about/what-is.mdwn')
-rw-r--r-- about/what-is.mdwn 12
1 files changed, 11 insertions, 1 deletions
diff --git a/about/what-is.mdwn b/about/what-is.mdwn
index b4bdeba..e1fa5c9 100644
--- a/about/what-is.mdwn
+++ b/about/what-is.mdwn
@@ -16,7 +16,7 @@ accessible over the git, http and ssh transport protocols.
NOTE: This section is a work in progress
-# Is a git server
+# Is a git server providing user separation with ssh keys or passwords
Git servers implement the `git-{receive,upload}-pack` commands when accessed over ssh, handle requests to `/info/refs?service=git-{upload,receive}-pack` when accessed over http, and the bespoke protocol of the git transport.
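Review bot: The new heading on the `+# Is a git server providing user separation with ssh keys or passwords` line promises per-user authentication for the whole section, but the paragraph directly under it also covers the git transport, which the later context describes as serving "the anonymous user". Either narrow the heading to the ssh and http cases, or add a sentence saying that access over the git transport is unauthenticated and limited to repositories the anonymous user is permitted to read, so a reader does not assume every transport identifies the caller. The heading is also long for a top-level title; a shorter form with the key/password detail moved into the first sentence of the body would read better.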
@@ -25,3 +25,13 @@ Gitano implements the ssh interface by generating a `.ssh/authorized_keys` file
Gitano implements the http interface by providing `gitano-smart-http.cgi` which the system administrator configures their web server to run, which authenticates the user based on a generated htpasswd file then determines whether the authenticated user is permitted to run the requested service before handing it off to `git-http-backend`.
Gitano implements the git interface by generating `git-daemon-export-ok` files for every repository that the anonymous user is permitted to read.
+
+# Access rules defined as customisable ACLs
+
+All Gitano commands consult ACLs written in [lace][] to determine whether the operation is permitted.
+
+This allows a Gitano administrator to define rules that permit delegation of roles to different users,
+and if those roles are defined by group membership and the ability to add a user to a group is delegated
+then the permission to grant permissions can also be delegated.
+
+[lace]: https://www.gitano.org.uk/lace/
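Review bot: The delegation sentence in the last added paragraph (`and if those roles are defined by group membership ... then the permission to grant permissions can also be delegated`) documents a transitive grant without stating its consequence: whoever may add users to a group effectively holds every permission that group confers, and can hand it on. Please say so explicitly and split the run-on into two sentences, one for role delegation and one for delegating group management, so administrators see that the group-membership rule is the one to scope tightly. Separately, `All Gitano commands consult ACLs` sits just below the context line explaining that git transport access is decided by generated `git-daemon-export-ok` files; a short clause on how the anonymous read rule relates to those generated files would keep the two statements from reading as contradictory.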