aboutsummaryrefslogtreecommitdiffstats
The program "kup-server" is expected to be the receiver of an ssh
shell, configured with the following options in authorized_keys or
similar:

command="/path/to/kup-server",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding <pubkey>

Each user should have their own UID, as Unix user permissions are used
for specific tree access control.


The following pathnames in kup-server need to be customized
appropriately.

All of these paths should be disjoint!


my $data_path = '/var/lib/kup/pub';

This is the path under which files are uploaded.


my $git_path  = '/var/lib/git';

This is the path where git trees (for the TAR and DIFF options) are
available.  Those should be readonly for the uploaders.


my $lock_file = '/var/run/kup/lock';

A common lock file for $data_path.  No program should modify the
content in $data_path without holding an flock on this file.  Should
be readonly for the uploaders.


my $tmp_path  = '/var/lib/kup/tmp/';

This can be either:

a) a directory writable by every user and with the sticky bit set
   (typically mode 1777 or 1770).  In that case, DO NOT end the path
   with a slash, or:
b) A directory containing an empty directory for each user (named for
   that user), owned by that user and mode 700.  In this case, DO end
   the path with a slash.

In either case, this directory tree MUST same filesystem as
$data_path, since the script expects to create files in this directory
and rename() them into $data_path.


my $pgp_path  = '/var/lib/kup/pgp';

A directory containing a GnuPG public keyring for each user, named
<user>.gpg and readable (but not writable) by that user.