author Christoph Lange <christoph@clange.de> 2024-04-23 20:08:58 +0200
committer GitHub <noreply@github.com> 2024-04-23 14:08:58 -0400
commit 03518d3e18c68bc52085811f6ec37da8e98ce6e4
tree 3f8449da843d547e388911bed5ad12124cd7238e
parent fcdc57d811f51201fc196cab282821545d70c6ce
DOC: in ssh forwarding, user git must be allowed to run docker (#29634)
Added to doc for rootless Docker installation: for SSH passthrough, the ssh user (git) has to be able to run docker.

---------

Co-authored-by: techknowlogick <matti@mdranta.net>
-rw-r--r-- docs/content/installation/with-docker-rootless.en-us.md | 2
1 files changed, 2 insertions, 0 deletions
diff --git a/docs/content/installation/with-docker-rootless.en-us.md b/docs/content/installation/with-docker-rootless.en-us.md
index 10f1212217..5b59098f4c 100644
--- a/docs/content/installation/with-docker-rootless.en-us.md
+++ b/docs/content/installation/with-docker-rootless.en-us.md
@@ -350,6 +350,8 @@ Match User git
AuthorizedKeysCommand /usr/bin/docker exec -i gitea /usr/local/bin/gitea keys -c /etc/gitea/app.ini -e git -u %u -t %t -k %k
```
+For this to work, the user `git` has to be allowed to run the `docker` cli command. Please read through the [security considerations](https://docs.docker.com/engine/security/#docker-daemon-attack-surface) of providing non-root linux users access to the docker daemon.
+
(From 1.16.0 you will not need to set the `-c /etc/gitea/app.ini` option.)
All that is left to do is restart the SSH server:
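
Review bot: The added sentence after the `AuthorizedKeysCommand` block says the user `git` "has to be allowed to run the `docker` cli command" but does not say how that access is meant to be granted, and the risk is left entirely to an external link. Access to a rootful Docker daemon is effectively root on the host, so a reader who satisfies this requirement by the most common route hands that level of control to the account that sshd matches with `Match User git`, which is not what a rootless installation guide should lead to by default. Suggest naming the intended mechanism for the rootless setup this page documents, stating the consequence in one sentence inline next to the link, and noting that the `docker exec` in the `AuthorizedKeysCommand` line is the only Docker operation the account needs. Style: "cli" and "linux" should be "CLI" and "Linux", and "docker daemon" should be "Docker daemon" to match the linked documentation.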