Description
===========

This repository is a quick setup that gives read-only and read-write access
over ssh, restricted to git. It is simple but should be secure. You can review
the script for security as it is really short.


::

    sudo adduser --home /home/git --no-create-home --shell /bin/sh --gecos 'git version control' --disabled-password git
    sudo mkdir /home/git
    sudo chown git:git /home/git
    sudo chmod 2770 /home/git
    sudo cp path/gitcmd /home/git/
    sudo gpasswd -a calendros git

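In /etc/ssh/sshd_config::

    Match User git
        X11Forwarding no
        AllowTcpForwarding no
        AllowAgentForwarding no
        PermitTunnel no
        GatewayPorts no
        PermitTTY no
        # Note: sshd's Banner takes the path of a file whose contents are
        # displayed, not the message text itself.
        Banner "Only git access allowed"
        AuthorizedKeysFile /etc/ssh/git_keys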

In /etc/ssh/git_keys::

    # usage: restrict,command="./gitcmd username" key
    # then create a ~git/username.listro for authorized repositories

username.listro, where username is the argument given to gitcmd in the
command= option in front of the ssh key, contains the list of repository
directories with read-only access. username.listrw contains the list of
repository directories with read-write access.
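
As an added illustration (not the repository's gitcmd script), this is the kind of check a forced command can run on the SSH_ORIGINAL_COMMAND value sshd passes it, using the list files described above. The function name authorize, the one-name-per-line file format, the allowed character set for repository names and the rule that a listrw entry also grants read access are assumptions.

```shell
#!/bin/sh
# Added example, not the repository's gitcmd. Assumed list format: one
# repository name per line in <user>.listro / <user>.listrw.

# authorize BASEDIR USER ORIGINAL_COMMAND
# Prints "<verb> <repo>" and returns 0 when allowed; returns 1 otherwise.
authorize() {
    basedir=$1 user=$2 cmd=$3

    # Only the git transport commands are accepted; everything else is denied.
    verb=${cmd%% *}
    case $verb in
        git-upload-pack|git-upload-archive) need=ro ;;
        git-receive-pack) need=rw ;;
        *) return 1 ;;
    esac

    # The git client sends exactly one single-quoted argument: the repository.
    arg=${cmd#"$verb" }
    case $arg in
        \'*\') repo=${arg#\'}; repo=${repo%\'} ;;
        *) return 1 ;;
    esac

    # Plain names only: no slashes, quotes, spaces, leading dot or dash.
    case $repo in
        ''|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac

    # Exact whole-line match. Assumption: a listrw entry also allows reads.
    if grep -qxF -- "$repo" "$basedir/$user.listrw" 2>/dev/null; then
        :
    elif [ "$need" = ro ] &&
         grep -qxF -- "$repo" "$basedir/$user.listro" 2>/dev/null; then
        :
    else
        return 1
    fi
    printf '%s %s\n' "$verb" "$repo"
}

# Constructed sample data so the example runs on its own.
demo=$(mktemp -d)
printf 'project\n' > "$demo/alice.listrw"
printf 'docs\n' > "$demo/alice.listro"
authorize "$demo" alice "git-upload-pack 'docs'"                   # allowed (read)
authorize "$demo" alice "git-receive-pack 'docs'" || echo denied   # read-only repo
authorize "$demo" alice "git-upload-pack '../docs'" || echo denied # traversal
rm -rf "$demo"
```

In a real forced command, the second argument would be the username from the command= option and the third the value of SSH_ORIGINAL_COMMAND; only the validated verb and repository name should ever reach git.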

Git directories are created with::

    git init --bare <reponame>

Example of directory structure, in /home/git::

    $ tree --dirsfirst -L 2
    .
    ├── <reponame>
    │   ├── branches
    │   ├── hooks
    │   ├── info
    │   ├── objects
    │   ├── refs
    │   ├── HEAD
    │   ├── config
    │   └── description
    ├── <username>.listrw
    ├── <username>.listro
    ├── create-repo
    └── gitcmd

    6 directories, 8 files

License
=======

Unless specified otherwise, this project is licensed under the terms of the
MIT license. You should have received a copy of the MIT License along with
this program. If not, see <https://opensource.org/licenses/MIT>.

SPDX-License-Identifier: MIT

Copyright © 2016 vg <vg@devys.org>

Contact
=======

developer
    vg

mail
    vg@devys.org