The program "kup-server" is expected to be the receiver of an ssh
shell, configured with the following options in authorized_keys or
similar:

command="/path/to/kup-server",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding <pubkey>

Each user should have their own UID, as Unix user permissions are used
for specific tree access control.


The following pathnames in kup-server need to be customized
appropriately.

All of these paths should be disjoint!


my $data_path = '/var/lib/kup/pub';

This is the path under which files are uploaded.


my $git_path  = '/var/lib/git';

This is the path where git trees (for the TAR and DIFF options) are
available.  These should be read-only for the uploaders.


my $lock_file = '/var/run/kup/lock';

A common lock file for $data_path.  No program should modify the
content in $data_path without holding an flock on this file.  The lock
file should be read-only for the uploaders.


my $tmp_path  = '/var/lib/kup/tmp/';

This can be either:

a) A directory writable by every user and with the sticky bit set
   (typically mode 1777 or 1770).  In this case, DO NOT end the path
   with a slash.
b) A directory containing an empty directory for each user (named for
   that user), owned by that user and mode 700.  In this case, DO end
   the path with a slash.

In either case, this directory tree MUST be on the same filesystem as
$data_path, since the script expects to create files in this directory
and rename() them into $data_path.


my $pgp_path  = '/var/lib/kup/pgp';

A directory containing a GnuPG public keyring for each user, named
<user>.gpg and readable (but not writable) by that user.
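
The following is an added example, not part of kup: a shell check of a
deployment against the path rules above (disjoint paths, $tmp_path on the
same filesystem as $data_path, and the two $tmp_path variants).  The
function names are hypothetical; paths are compared textually without
resolving symlinks, and "same filesystem" is taken to mean the same mount
point as reported by df -P.

```shell
#!/bin/sh
# Added example, not part of kup: check a path layout against the README rules.
# Arguments: data_path git_path lock_file tmp_path pgp_path (values are the deployer's).

# True if path $1 equals or lies beneath path $2 (textual comparison).
is_under() {
    a=${1%/}; b=${2%/}
    case "$a/" in "$b"/*) return 0 ;; esac
    return 1
}

# Mount point of the filesystem holding $1; rename() fails across mount points.
mount_of() { df -P "$1" | awk 'NR==2 { print $NF }'; }

check_kup_layout() {
    data=$1; tmp=$4; rc=0
    # Rule: all configured paths must be disjoint.
    while [ "$#" -gt 1 ]; do
        p=$1; shift
        for q in "$@"; do
            if is_under "$p" "$q" || is_under "$q" "$p"; then
                echo "FAIL: $p and $q overlap"; rc=1
            fi
        done
    done
    # Rule: tmp_path must be on the same filesystem as data_path.
    if [ "$(mount_of "$tmp")" != "$(mount_of "$data")" ]; then
        echo "FAIL: $tmp and $data are on different filesystems"; rc=1
    fi
    case "$tmp" in
    */) # Variant (b): one directory per user, owned by that user, mode 700.
        for d in "$tmp"*/; do
            [ -d "$d" ] || continue
            info=$(ls -ld "$d" | awk '{ print $1 ":" $3 }')
            name=$(basename "$d")
            case "$info" in
            drwx------*:"$name") ;;
            *) echo "FAIL: $d must be mode 700 and owned by $name"; rc=1 ;;
            esac
        done ;;
    *)  # Variant (a): shared directory with the sticky bit set.
        if [ ! -d "$tmp" ] || [ ! -k "$tmp" ]; then
            echo "FAIL: $tmp must be a directory with the sticky bit"; rc=1
        fi ;;
    esac
    return "$rc"
}

if [ "$#" -eq 5 ]; then check_kup_layout "$@"; fi
```

Run it with the five paths in the order they appear above; it prints one
FAIL line per violated rule and exits non-zero if any rule is violated.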