7145587df7
Summary: This is just a general review of config options, to reduce the amount of damage a rogue administrator (without host access) can do. In particular: - Fix some typos. - Lock down some options which would potentially let a rogue administrator do something sketchy. - Most of the new locks relate to having them register a new service account, then redirect services to their account. This potentially allows them to read email. - Lock down some general disk stuff, which could be troublesome in combination with other vulnerabilities. Test Plan: - Read through config options. - Tried to think about how to do evil things with each one. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Differential Revision: https://secure.phabricator.com/D8928
69 lines
2.6 KiB
PHP
<?php
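/**
 * Declares the configuration options for PHD, the daemon subsystem.
 *
 * Each option is built with newOption(key, type, default) and then annotated
 * with a summary and description. Only 'phd.user' is marked with
 * setLocked(true) here.
 *
 * NOTE(review): setLocked() is defined outside this file; it presumably
 * restricts who or what can change the option, so confirm its exact effect
 * before relying on it as a security control.
 */
final class PhabricatorPHDConfigOptions
  extends PhabricatorApplicationConfigOptions {

  /**
   * Return the translated display name of this option group.
   */
  public function getName() {
    return pht("Daemons");
  }

  /**
   * Return the translated one-line description of this option group.
   */
  public function getDescription() {
    return pht("Options relating to PHD (daemons).");
  }

  /**
   * Build the list of daemon-related configuration options.
   *
   * Returns an array of option objects created by newOption(), in the order
   * they are declared below.
   */
  public function getOptions() {
    return array(
      // NOTE(review): this is a filesystem path the daemons use, and it is
      // not locked, unlike 'phd.user' below. If the threat model includes an
      // administrator without host access, consider ->setLocked(true) so the
      // path cannot be redirected by a config edit alone. Confirm how phd
      // consumes this value first.
      $this->newOption('phd.pid-directory', 'string', '/var/tmp/phd/pid')
        ->setDescription(
          pht(
            "Directory that phd should use to track running daemons.")),

      // NOTE(review): same consideration as 'phd.pid-directory': this is an
      // unlocked path that the daemons write log files to.
      $this->newOption('phd.log-directory', 'string', '/var/tmp/phd/log')
        ->setDescription(
          pht(
            "Directory that the daemons should use to store log files.")),

      $this->newOption('phd.start-taskmasters', 'int', 4)
        ->setSummary(pht("Number of TaskMaster daemons to start by default."))
        ->setDescription(
          pht(
            "Number of 'TaskMaster' daemons that 'phd start' should start. ".
            "You can raise this if you have a task backlog, or explicitly ".
            "launch more with 'phd launch <N> taskmaster'.")),

      // The two labels are presumably shown for the true and false values
      // respectively; verify against setBoolOptions().
      $this->newOption('phd.verbose', 'bool', false)
        ->setBoolOptions(
          array(
            pht("Verbose mode"),
            pht("Normal mode"),
          ))
        ->setSummary(pht("Launch daemons in 'verbose' mode by default."))
        ->setDescription(
          pht(
            "Launch daemons in 'verbose' mode by default. This creates a lot ".
            "of output, but can help debug issues. Daemons launched in debug ".
            "mode with 'phd debug' are always launched in verbose mode. See ".
            "also 'phd.trace'.")),

      // Locked: this selects the system account the daemons run as, which
      // per the description below owns the repository working copies.
      $this->newOption('phd.user', 'string', null)
        ->setLocked(true)
        ->setSummary(pht("System user to run daemons as."))
        ->setDescription(
          pht(
            "Specify a system user to run the daemons as. Primarily, this ".
            "user will own the working copies of any repositories that ".
            "Phabricator imports or manages. This option is new and ".
            "experimental.")),

      // NOTE(review): the description warns that trace mode produces a very
      // large volume of output. It presumably lands under
      // 'phd.log-directory', so plan disk capacity before enabling it.
      $this->newOption('phd.trace', 'bool', false)
        ->setBoolOptions(
          array(
            pht("Trace mode"),
            pht("Normal mode"),
          ))
        ->setSummary(pht("Launch daemons in 'trace' mode by default."))
        ->setDescription(
          pht(
            "Launch daemons in 'trace' mode by default. This creates an ".
            "ENORMOUS amount of output, but can help debug issues. Daemons ".
            "launched in debug mode with 'phd debug' are always launched in ".
            "trace mode. See also 'phd.verbose'.")),
    );
  }

}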