git and gitolite integration without sudo access rights?
I have searched a way for using redmine, git and gitweb and gitolite together. Currently I have thinked that responsibilities of each component would be a following:
- gitolite low level real handling og of git projects, pull/push rights to projects based on to user access righs, ssh key management to pull/push to projects via ssh/gitolite
- gitweb to show a list of git repos that gitolite marks public and provide a read only access to them for everybody
- redmine/redmine plug-in: allow logged in users to create projects and create the git repositories via gitolite and publish them in some cases also to gitweb for read (clone/pull/fetch) access
Currently I have managed things in semi automatic way by creating the projects manually to gitolite over the ssh and then configuring the existing git plug-ins to redmine projects and gitweb.
I would however like to create the git projects in gitolite automatially from the redmine ui (and also handle the user access rights via it) and redmine plugin in redmine-git-hosting.io seems to allow that if U understood correctly.
But I do not like from the idea that I should give the redmine user the passwordless sudo access rights as instructed in http://redmine-git-hosting.io/get_started.
That seems to me a big security risk (if redmine user is exploited due to bug in redmine, user could send "sudo su rm" over the browser) and I am wondering could that be handled in some more safer way. Are others seeing the same security problem and any ideas how this could be handled other way?