Sphinx: simplify running process as another user
This commit is contained in:
Brecht Van Lommel
parent
968618dac3
commit
5c53375672
2 changed files with 7 additions and 18 deletions
|
|
@ -15,8 +15,7 @@ Add to Gitea app.ini.
|
|||
[markup.restructuredtext]
|
||||
ENABLED = true
|
||||
FILE_EXTENSIONS = .rst
|
||||
RENDER_COMMAND = "timeout 30s ./custom/sphinx/sphinx_to_html.py --user sphinx --user-work-dir /path/to/dir"
|
||||
IS_INPUT_FILE = true
|
||||
RENDER_COMMAND = timeout 30s sudo -u sphinx python3 ./custom/sphinx/sphinx_to_html.py
|
||||
|
||||
[markup.sanitizer.restructuredtext]
|
||||
ELEMENT = div
|
||||
|
|
@ -28,6 +27,6 @@ Add to Gitea app.ini.
|
|||
PREVIEWABLE_FILE_MODES = markdown,restructuredtext
|
||||
|
||||
The `sphinx` user is required for sandboxing of sphinx-build which we do not
|
||||
assume to be secure. The work directory should be writable by both the gitea
|
||||
user and sphinx user, with the sphinx user having as little access as possible
|
||||
to other directories.
|
||||
assume to be so secure that it should have access to all gitea data. This user
|
||||
needs read-only access to the custom/sphinx, and the user running gitea needs
|
||||
to be able to run a process as the `sphinx` user.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue