Fork/gitea-custom
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sphinx: simplify running process as another user

Browse Source
This commit is contained in:
Brecht Van Lommel
2023-05-09 16:45:35 +02:00
parent 968618dac3
commit 5c53375672
2 changed files with 7 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
sphinx/README.md
View File

@@ -15,8 +15,7 @@ Add to Gitea app.ini.
[markup.restructuredtext]
ENABLED = true
FILE_EXTENSIONS = .rst
RENDER_COMMAND = "timeout 30s ./custom/sphinx/sphinx_to_html.py --user sphinx --user-work-dir /path/to/dir"
IS_INPUT_FILE = true
RENDER_COMMAND = timeout 30s sudo -u sphinx python3 ./custom/sphinx/sphinx_to_html.py
[markup.sanitizer.restructuredtext]
ELEMENT = div
@@ -28,6 +27,6 @@ Add to Gitea app.ini.
PREVIEWABLE_FILE_MODES = markdown,restructuredtext
The `sphinx` user is required for sandboxing of sphinx-build which we do not
assume to be secure. The work directory should be writable by both the gitea
user and sphinx user, with the sphinx user having as little access as possible
to other directories.
assume to be so secure that it should have access to all gitea data. This user
needs read-only access to the custom/sphinx, and the user running gitea needs
to be able to run a process as the `sphinx` user.