On the web front-end
Users are usually registered using a traditional login + password + verified e-mail address combo.
Numerous Plugins also exist to provide external authentication, e.g. via LDAP or CAS.
FusionForge's security model is based directly on the Linux kernel, using POSIX user accounts (privilege separation).
This is done via libnss-pgsql, which automatically maps a shell account for each user in the PostgreSQL database, if they are part of a project.
User can then securely access their repository via SSH keys, and login to manage their webpages area. If full login is not desirable, it is also possible to install a restricted shell such as
rssh to limit shell access to e.g. Git, SVN and SFTP only.
Each project is similarly mapped to 3 POSIX groups:
- projectname : access to group directory, including webpages
- projectname_scmro : read-only access to source repositories
- projectname_scmrw : read/write access to source repositories
User accounts have appropriate group memberships so they can only access projects depending on the RBAC permissions.
Important: users and groups are not created (i.e. no useradd) - they are directly mapped to the database through libnss-pgsql.
Web access to repositories
When accessing repositories though HTTPS, FusionForge uses mpm-itk, an Apache module, so that each Apache process is run using the matching shell account, with appropriate groups membership.
This means project members can install custom repository hooks and run them securely.
NSCD is the Name Service Cache Daemon. It is used to cache database results for users and groups mapping, for performances reasons. Also, for libnss-pgsql, it's necessary to install it, to fix an authentication loop when the database is installed on the same server as the shell server.
fusionforge-systasksd, automatically clears
nscd's cache when new users and groups are added or removed, so that shell accounts are immediately active.