1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-26 07:20:57 +01:00
phorge-phorge/src/applications/config/option/PhabricatorPHDConfigOptions.php
epriestley 7145587df7 Lock down some config options
Summary:
This is just a general review of config options, to reduce the amount of damage a rogue administrator (without host access) can do. In particular:

  - Fix some typos.
  - Lock down some options which would potentially let a rogue administrator do something sketchy.
    - Most of the new locks relate to having them register a new service account, then redirect services to their account. This potentially allows them to read email.
    - Lock down some general disk stuff, which could be troublesome in combination with other vulnerabilities.

Test Plan:
  - Read through config options.
  - Tried to think about how to do evil things with each one.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8928
2014-05-01 10:23:49 -07:00

69 lines
2.6 KiB
PHP

<?php
final class PhabricatorPHDConfigOptions
extends PhabricatorApplicationConfigOptions {
public function getName() {
return pht("Daemons");
}
public function getDescription() {
return pht("Options relating to PHD (daemons).");
}
public function getOptions() {
return array(
$this->newOption('phd.pid-directory', 'string', '/var/tmp/phd/pid')
->setDescription(
pht(
"Directory that phd should use to track running daemons.")),
$this->newOption('phd.log-directory', 'string', '/var/tmp/phd/log')
->setDescription(
pht(
"Directory that the daemons should use to store log files.")),
$this->newOption('phd.start-taskmasters', 'int', 4)
->setSummary(pht("Number of TaskMaster daemons to start by default."))
->setDescription(
pht(
"Number of 'TaskMaster' daemons that 'phd start' should start. ".
"You can raise this if you have a task backlog, or explicitly ".
"launch more with 'phd launch <N> taskmaster'.")),
$this->newOption('phd.verbose', 'bool', false)
->setBoolOptions(
array(
pht("Verbose mode"),
pht("Normal mode"),
))
->setSummary(pht("Launch daemons in 'verbose' mode by default."))
->setDescription(
pht(
"Launch daemons in 'verbose' mode by default. This creates a lot ".
"of output, but can help debug issues. Daemons launched in debug ".
"mode with 'phd debug' are always launched in verbose mode. See ".
"also 'phd.trace'.")),
$this->newOption('phd.user', 'string', null)
->setLocked(true)
->setSummary(pht("System user to run daemons as."))
->setDescription(
pht(
"Specify a system user to run the daemons as. Primarily, this ".
"user will own the working copies of any repositories that ".
"Phabricator imports or manages. This option is new and ".
"experimental.")),
$this->newOption('phd.trace', 'bool', false)
->setBoolOptions(
array(
pht("Trace mode"),
pht("Normal mode"),
))
->setSummary(pht("Launch daemons in 'trace' mode by default."))
->setDescription(
pht(
"Launch daemons in 'trace' mode by default. This creates an ".
"ENORMOUS amount of output, but can help debug issues. Daemons ".
"launched in debug mode with 'phd debug' are always launched in ".
"trace mdoe. See also 'phd.verbose'.")),
);
}
}