Non-Interactive Users group missing

Elijah Newren

Oct 18, 2018, 1:06:55 PM
to repo-discuss
Hi,

I'm running a gerrit-2.15.5 installation, upgraded through various
gerrit versions over the years going back to at least gerrit-2.2.1,
and with evidence of hand-jamming having occurred a few times (e.g. in
the past I had to delete various entries from the database before
an upgrade due to someone deleting a project from disk without
updating the database).

Currently, I've found that there is no 'Non-Interactive Users' group
in my installation, and I'd like to add one. What requirements are
there for this group? Does it need to have a certain id or UUID --
will I need to tweak the database to make it work? Or is it simply a
matter of creating a new group and granting/denying it certain access
privileges (e.g. stream events, Priority=BATCH, and Deny
EmailReviewers)?

Also, what config settings, if any, will I need to set? The
documentation on the Non-Interactive users
(https://gerrit-review.googlesource.com/Documentation/access-control.html#non-interactive_users)
doesn't make this clear to me. Is it just sshd.batchThreads?

Thanks,
Elijah

Andrew Grimberg

Oct 18, 2018, 2:02:08 PM
to Elijah Newren, repo-discuss
Having built a lot of Gerrit systems over the years at various revisions
I can state from experience that there is no special UUID that needs to
exist. This along with the default Administrators group are created
during site initialization through essentially the same processes that
other groups are generated.

For permissions, in your All-Projects repo grant as follows:

Global Capabilities:
Priority: BATCH 'Non-Interactive Users'
Stream Events: ALLOW 'Non-Interactive Users'

After that it's a matter of what other rights you want the group to
have, the current standard on Linux Foundation managed Gerrit instances is:

Global Capabilities:
Email Reviewers: BLOCK 'Non-Interactive Users'

Reference: refs/*
Read: ALLOW 'Non-Interactive Users'

Reference: refs/heads/*
Label Verified: ALLOW -1..+1 'Non-Interactive Users'

Admittedly, the refs/* Read right could probably be removed from our
config as we also allow Anonymous to read, but we generally start with
our Gerrit in a private mode requiring login to be able to see anything.

-Andy-

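A check of the permissions listed in the reply above against an All-Projects `project.config`, as an added example that is not part of the thread and not Gerrit's own code. It assumes the usual `project.config` rule syntax (`priority = batch group ...`, `streamEvents = group ...`); the sample config is constructed, and accepting either `deny` or `block` for Email Reviewers is an assumption.

```python
import re

GROUP = "Non-Interactive Users"

# Constructed sample of an All-Projects project.config (not from the thread).
# It deliberately omits the Email Reviewers rule.
SAMPLE = '''\
[capability]
    administrateServer = group Administrators
    priority = batch group Non-Interactive Users
    streamEvents = group Non-Interactive Users
[access "refs/*"]
    read = group Non-Interactive Users
[access "refs/heads/*"]
    label-Verified = -1..+1 group Non-Interactive Users
'''

# (section, key) -> pattern the rule value must match, per the reply above.
EXPECTED = {
    ("capability", "priority"): r"batch group {g}",
    ("capability", "streamEvents"): r"group {g}",
    ("capability", "emailReviewers"): r"(deny|block) group {g}",
    ('access "refs/*"', "read"): r"group {g}",
    ('access "refs/heads/*"', "label-Verified"): r"-1\.\.\+1 group {g}",
}

def parse(text):
    """Parse git-config style text into {(section, key): [values]}."""
    rules, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1)
            continue
        key, _, value = line.partition("=")
        rules.setdefault((section, key.strip()), []).append(value.strip())
    return rules

def missing_rules(text, group=GROUP):
    """Return expected (section, key) pairs that have no rule for the group."""
    rules = parse(text)
    name = re.escape(group)
    return [where for where, pattern in EXPECTED.items()
            if not any(re.fullmatch(pattern.format(g=name), value)
                       for value in rules.get(where, []))]
```

To check a real site, pass `missing_rules` the contents of `project.config` from the `refs/meta/config` branch of All-Projects.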

Elijah Newren

Oct 19, 2018, 2:09:19 PM
to grim...@gmail.com, repo-discuss
Cool, thanks for the details!