The ssteiner Blog-o-matic

Linux Admin, OS X, Cocoa

Installing Secure Git with Gitosis

Gitosis — making hosting multiple Git repositories manageable

Gitosis is a tool for managing hosted git repositories.

There’s a bit of a blurb here since the main page doesn’t really say anything about what it’s for &c.

To quote:

gitosis aims to make hosting git repos easier and safer. It manages multiple repositories under one user account, using SSH keys to identify users. End users do not need shell accounts on the server, they will talk to one shared account that will not let them run arbitrary commands.

It is written in Python, not that that really matters but if I do want to jump in and fix/enhance something I’ll be in familiar territory.

Installing Gitosis

On all of my systems, I keep all the stuff I install from source in /usr/local/src, so that's where I installed gitosis on my Linux server. You may need to sudo some of these depending on your setup:

	# cd /usr/local/src
	# git clone git://eagain.net/gitosis.git
	# cd gitosis
	# python setup.py install

So far, so good.

Next, I somewhat followed the instructions at Garry Dolley’s Blog.

First snag is that, on the version of Linux I’m running on this particular server (CentOS 4), the long forms of the options to adduser don’t exist so I ended up using:

	# sudo adduser \
	    -s /bin/sh \
	    -d /home/git \
	    git

Just to make sure I wasn’t adding a user who could log in with no password, I tried ssh-ing into the server as the ‘git’ user. The ‘git’ user could not log in. So far so good.

On my main machine (Mac), I ran

	# cd ~
	# ssh-keygen -t rsa

to generate an RSA key (I only had a DSA-flavored key) and copied it up to the /tmp directory on my Linux server.

Then I ran:

	# sudo -H -u git gitosis-init < /tmp/id_rsa.pub

This creates the gitosis configuration repository, gitosis-admin.git, in /home/git/repositories/.

The -H sets the HOME environment variable to the home of the user (/home/git, in this case) so that gitosis-init creates its configuration repository in the right place.

The -u makes the command get run as the supplied user (git).

As per the instructions, I also ran:

	# sudo chmod 755 /home/git/repositories/gitosis-admin.git/hooks/post-update
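
To check the property quoted earlier (the shared account will not let users run arbitrary commands), this added example, which is not from the original post or from gitosis itself, audits the git user's authorized_keys file. It assumes gitosis-managed entries carry a forced gitosis-serve command plus the no-pty and no-*-forwarding options; the sample lines, user names and key material are constructed.

```python
# Added example: audit the shared git account's authorized_keys.
# Assumption: gitosis-managed keys carry a forced gitosis-serve command
# plus the four restriction options listed in REQUIRED.
import sys

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")
REQUIRED = {"no-pty", "no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding"}

SAMPLE = '''\
### autogenerated by gitosis, DO NOT EDIT
command="gitosis-serve alice@laptop",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAA alice@laptop
ssh-rsa AAAAB3NzaC1yc2EAAAB bob@desktop
command="gitosis-serve carol@mac",no-pty ssh-rsa AAAAB3NzaC1yc2EAAAC carol@mac
'''  # constructed sample: one good entry, one bare key, one under-restricted entry

def parse_options(line):
    """Return the options field of a key line as a dict (quoted values honoured)."""
    opts, buf, quoted, prev = {}, "", False, ""
    if line.startswith(KEY_TYPES):          # line starts with the key itself: no options
        return opts
    for ch in line:
        if ch == '"' and prev != "\\":
            quoted = not quoted             # quotes delimit a value; drop them
        elif ch in ", \t" and not quoted:
            name, _, value = buf.partition("=")
            opts[name.lower()] = value      # sshd matches option names case-insensitively
            buf = ""
            if ch != ",":
                break                       # unquoted whitespace ends the options field
        else:
            buf += ch
        prev = ch
    return opts

def audit(text):
    """Return (line number, problem) for every key that is not locked down."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts = parse_options(line)
        if not opts.get("command", "").startswith("gitosis-serve "):
            findings.append((n, "no forced gitosis-serve command"))
        missing = sorted(REQUIRED - opts.keys())
        if missing:
            findings.append((n, "missing " + ",".join(missing)))
    return findings

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for n, problem in audit(text):
        print(f"line {n}: {problem}")
```

Run it with the path to the git account's authorized_keys file as the only argument; any line it reports is a key that is not confined to gitosis-serve.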

Then, to get the ball rolling, I fetched the configuration repository to my local machine — I put it in my home directory, for now.

	# cd ~
	# git clone git@MY_SERVER_HOSTNAME:gitosis-admin
	# cd gitosis-admin

There’s not much there yet, just gitosis.conf and the keydir.

This is where the fun begins. By creating entries for new repositories in the gitosis.conf and adding the public keys for other users in the keydir, then pushing those changes to the server, you can control access to the repositories managed by gitosis all from your local copy.

More on that in my next post…


2008/12/21 - Posted by | Git, Linux Server Stuff, Version Control |

2 Comments »

  1. [...] that we’ve got our gitosis based git server set up (see Previous Installment), it’s time to add users and [...]

    Pingback by Gitosis — adding users and repositories « The ssteiner Blog-o-matic | 2008/12/26

  2. Good post, I am able to follow this easier than the scie.nti.st post. Now I need to find out how to create a repo. I was hosting my git repo with the git user's shell set to git-shell, a method that can’t give per-repo access to a user.

    Comment by mdystrophy | 2009/05/13

