git and gitolite integration without sudo access rights?

Added by Mika Laitio 16 days ago

I have searched a way for using redmine, git and gitweb and gitolite together. Currently I have thinked that responsibilities of each component would be a following:

- gitolite low level real handling og of git projects, pull/push rights to projects based on to user access righs, ssh key management to pull/push to projects via ssh/gitolite
- gitweb to show a list of git repos that gitolite marks public and provide a read only access to them for everybody
- redmine/redmine plug-in: allow logged in users to create projects and create the git repositories via gitolite and publish them in some cases also to gitweb for read (clone/pull/fetch) access

Currently I have managed things in semi automatic way by creating the projects manually to gitolite over the ssh and then configuring the existing git plug-ins to redmine projects and gitweb.
I would however like to create the git projects in gitolite automatially from the redmine ui (and also handle the user access rights via it) and redmine plugin in seems to allow that if U understood correctly.

But I do not like from the idea that I should give the redmine user the passwordless sudo access rights as instructed in
That seems to me a big security risk (if redmine user is exploited due to bug in redmine, user could send "sudo su rm" over the browser) and I am wondering could that be handled in some more safer way. Are others seeing the same security problem and any ideas how this could be handled other way?