Diffstat (limited to 'README.rst')
-rw-r--r-- README.rst 42
1 files changed, 38 insertions, 4 deletions
diff --git a/README.rst b/README.rst
index b98eec06..74a49d12 100644
--- a/README.rst
+++ b/README.rst
@@ -1,9 +1,9 @@
-Soledad
+Soledad
==================================================================
*Synchronization Of Locally Encrypted Data Among Devices*
Soledad is the part of LEAP that allows application data to be
-securely shared among devices. It provides, to other parts of the
+securely shared among devices. It provides, to other parts of the
LEAP project, an API for data storage and sync.
This software is under development.
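Review bot: the two modified lines in this hunk ("Soledad" and "securely shared among devices. It provides, to other parts of the") are identical in their visible text, so the change is whitespace-only (trailing whitespace trimmed, presumably); that is fine as cleanup, but say so in the commit message, since a reviewer cannot otherwise see what was changed.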
@@ -51,7 +51,41 @@ Client and server tests are both included in leap.soledad.common. If you want
to run tests in development mode you must do the following::
scripts/develop_mode.sh
- ./run_tests.sh
+ scripts/run_tests.sh
-Note that to run CouchDB tests, be sure you have ``CouchDB`` installed on your
+Note that to run CouchDB tests, be sure you have `CouchDB`_ installed on your
system.
+
+.. _`CouchDB`: https://couchdb.apache.org/
+
+Privileges
+-----
+In order to prevent privilege escalation, Soledad should not be run as a
+database administrator. This implies the following side effects:
+
+-----------------
+Database creation:
+-----------------
+Can be done via a script located in ``server/pkg/create-user-db``
+It reads a netrc file that should be placed on
+``/etc/couchdb/couchdb-admin.netrc``.
+That file holds the admin credentials in netrc format and should be accessible
+only by 'soledad-admin' user.
+
+The debian package will do the following in order to automate this:
+
+* create a user ``soledad-admin``
+* make this script available as ``create-user-db`` in ``/usr/bin``
+* grant restricted sudo access, that only enables user ``soledad`` to call this
+ exact command via ``soledad-admin`` user.
+
+The server side process, configured via ``/etc/soledad/soledad-server.conf``, will
+then use a parameter called 'create_cmd' to know which command is used to
+allocate new databases. All steps of creation process is then handled
+automatically by the server, following the same logic as u1db server.
+
+------------------
+Database deletion:
+------------------
+No code at all handles this and privilege to do so needs to be removed as
+explained before. This can be automated via a simple cron job.
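Review bot: the underline added below the new "Privileges" heading ("-----") is shorter than the heading text, which docutils flags as "Title underline too short" and can render as a paragraph rather than a section; extend it to at least the heading's width, as the "Database creation:" and "Database deletion:" headings in the same hunk already do. Two further points in this hunk: the deletion paragraph's "privilege to do so needs to be removed as explained before" refers to an explanation that appears nowhere in this README, so either state which CouchDB privilege the "soledad" user must not hold (or where that is documented) or drop the back-reference; and "All steps of creation process is then handled" should read "All steps of the creation process are then handled".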