From c38c81f2ae1167e0d18c17bb32e748cdf6dba173 Mon Sep 17 00:00:00 2001 From: Christoph Lange Date: Tue, 23 Apr 2024 20:08:58 +0200 Subject: [PATCH] DOC: in ssh forwarding, user git must be allowed to run docker (#29634) Added to doc for rootless Docker installation: for SSH passthrough, the ssh user (git) has to be able to run docker. --------- Co-authored-by: techknowlogick --- installation/with-docker-rootless.en-us.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/installation/with-docker-rootless.en-us.md b/installation/with-docker-rootless.en-us.md index 10f12122..5b59098f 100644 --- a/installation/with-docker-rootless.en-us.md +++ b/installation/with-docker-rootless.en-us.md @@ -350,6 +350,8 @@ Match User git AuthorizedKeysCommand /usr/bin/docker exec -i gitea /usr/local/bin/gitea keys -c /etc/gitea/app.ini -e git -u %u -t %t -k %k ``` +For this to work, the user `git` has to be allowed to run the `docker` cli command. Please read through the [security considerations](https://docs.docker.com/engine/security/#docker-daemon-attack-surface) of providing non-root linux users access to the docker daemon. + (From 1.16.0 you will not need to set the `-c /etc/gitea/app.ini` option.) All that is left to do is restart the SSH server:
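Review bot: The added paragraph after the `AuthorizedKeysCommand` block states that `git` must be allowed to run `docker` but leaves the consequence entirely to the link. A user who can talk to the Docker daemon can effectively obtain root on the host, and that is worth saying in the sentence itself so that readers who do not follow the link still treat the `git` account as privileged. The paragraph also does not say how the access is expected to be granted, so readers are left to guess at the mechanism; naming the intended one would help. On placement, the new text lands between the code block and the "(From 1.16.0 you will not need to set the `-c /etc/gitea/app.ini` option.)" note, which refers to the command in that block; moving the new paragraph below that note keeps the note next to the command it annotates. Minor style: "cli" should be "CLI", "linux" should be "Linux", and "docker daemon" should be "Docker daemon".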