Projects
Infrastructure
phabricator
README.fedora
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File README.fedora of Package phabricator
Post Installation Setup Instructions for Fedora =============================================== Some things need doing to get Phabricator to run, that we cannot do to you. They need to be self-inflicted. So, here you go. POSIX filesystem permissions, user accounts, sudo rights -------------------------------------------------------- A user and group 'phabricator' is created for you by the package. A split between the POSIX user account that phabricator uses, and the POSIX user account that runs the web interface services, and the POSIX user used by individuals or bots to interface with the source code repositories is recommended, and this document outlines the additional actions you need to take. You would want your users to be able to use git with URLs such as: ssh://git@dev.example.org/diffusion/R/repo.git This means a POSIX user 'git' would need to be created: ``` getent passwd git >/dev/null || \ useradd -r -d "/var/lib/git" -s /sbin/nologin \ -c "Git Service User" git ``` Make sure it holds no password and is unlocked: ``` passwd -d git passwd -uf git ``` Make the user 'git' a member of the group 'phabricator': ``` getent group phabricator | grep -q git || \ gpasswd -a git phabricator >/dev/null 2>&1 || : ``` Make sure that the user 'git' can sudo, without a password, and use git-core applications as the 'phabricator' account, so that not all repositories need to be made world-readable and world-writeable: ``` cat > %{buildroot}%{_sysconfdir}/sudoers.d/git << EOF git ALL=(phabricator) SETENV: NOPASSWD: /usr/bin/git-upload-pack, /usr/bin/git-receive-pack EOF ``` #. Phabricator would like to be able to allow a POSIX user such as 'git' to sudo without a password so that that POSIX user can be allowed access to git repositories without those being world-readable and world-writeable. #. The apache user, that runs the Phabricator PHP code, also needs access to the GIT repositories. It needs at least read access, but hypothetically speaking, it could be provided write access. Write access through the web- interface is outside of the scope of this document. Allow apache to sudo to phabricator without a password, to execute (only) the git-http-backend: ``` cat > %{buildroot}%{_sysconfdir}/sudoers.d/apache << EOF apache ALL=(phabricator) SETENV: NOPASSWD: /usr/libexec/git-core/git-http-backend EOF ``` PHP Curl CA Bundle Configuration -------------------------------- Ensure you have `curl.cainfo` in `/etc/pki/tls/certs/ca-bundle.crt` set to `/etc/pki/tls/certs/ca-bundle.crt`, or any other valid CA Bundle.
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.