From 94f826498cde963ab88748a27818b23453e0b94a Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 9 Aug 2012 11:48:30 -0400 Subject: update ikiwiki-update-wikilist docs to suggest putting it in /etc/sudoers --- doc/ikiwiki-update-wikilist.mdwn | 7 +++++-- doc/security.mdwn | 2 +- ikiwiki-update-wikilist | 2 +- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/doc/ikiwiki-update-wikilist.mdwn b/doc/ikiwiki-update-wikilist.mdwn index e5ea72e36..b6330c5e5 100644 --- a/doc/ikiwiki-update-wikilist.mdwn +++ b/doc/ikiwiki-update-wikilist.mdwn @@ -8,8 +8,11 @@ ikiwiki-update-wikilist [-r] # DESCRIPTION -`ikiwiki-update-wikilist` is designed to be made suid root, but is not installed -suid by default. If made suid, it allows users to add or remove their names +`ikiwiki-update-wikilist` is designed to be safely run as root by arbitrary +users, either by being made suid and using the (now deprecated suidperl), or +by being configured in `/etc/sudoers` to allow arbitrary users to run. + +All it does is allows users to add or remove their names from the `/etc/ikiwiki/wikilist` file. By default, the user's name will be added. diff --git a/doc/security.mdwn b/doc/security.mdwn index c3b62cd3c..afefd1bc3 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -110,7 +110,7 @@ runs ikiwiki to update a given wiki. The wrapper can in turn be made suid, for example to be used in a [[post-commit]] hook by people who cannot write to the html pages, etc. -If the wrapper script is made suid, then any bugs in this wrapper would be +If the wrapper program is made suid, then any bugs in this wrapper would be security holes. The wrapper is written as securely as I know how, is based on code that has a history of security use long before ikiwiki, and there's been no problem yet. diff --git a/ikiwiki-update-wikilist b/ikiwiki-update-wikilist index 1976f7ed1..56d6e0731 100755 --- a/ikiwiki-update-wikilist +++ b/ikiwiki-update-wikilist @@ -1,6 +1,6 @@ #!/usr/bin/perl -t # Add a user to the system wide wikilist. -# This script can safely be made suid. +# This script can safely be made suid or put in /etc/sudoers. use warnings; use strict; use English; -- cgit v1.2.3