Gitosis is a tool for securing centralized Git repositories. It lets multiple maintainers manage the same project at once while restricting access to a secure network protocol.
Checkout the Gitosis Repository
To install Gitosis, you must first have the Git client installed. Once it is installed, check out a copy of Gitosis from its repository:
git clone git://eagain.net/gitosis.git
cd gitosis
python setup.py install
Create a User to Manage the Repositories
Create a user to manage the repositories:
sudo adduser \
    --system \
    --shell /bin/sh \
    --gecos 'git version control' \
    --group \
    --disabled-password \
    --home /home/git \
    git
If you don't already have a public RSA key, create one on your local computer:
ssh-keygen -t rsa
Copying Your Public Key to the Gitosis Server
Copy this key to the Gitosis server. Assuming you are in your home directory:
scp .ssh/id_rsa.pub email@example.com:/tmp
Setting up Gitosis
sudo -H -u git gitosis-init < /tmp/id_rsa.pub
Upon success, you will see:
Initialized empty Git repository in ./
Initialized empty Git repository in ./
Ensure the Git post-update hook has the correct permissions:
sudo chmod 755 /home/git/repositories/gitosis-admin.git/hooks/post-update
Clone the Gitosis Repository
Gitosis creates its own Git repository. To configure Gitosis, you will clone this repository, set your configuration options, then push your configuration back to the Gitosis server.
Cloning the Gitosis repository:
git clone firstname.lastname@example.org:gitosis-admin.git
cd gitosis-admin
Creating a Repository
An example of a default gitosis.conf:
[group gitosis-admin]
writable = gitosis-admin
members = jdoe
Defining Groups, Members, Permissions, and Repositories
You can define groups of members and what permissions they will have to repositories like so:
[group blue_team]
members = john martin stephen
writable = tea_timer coffee_maker
In this example, anyone in the group blue_team, in this case john, martin, and stephen, will be able to write to the Git repositories
Save, commit, and push this file.
git commit -am "Give john, martin, and stephen access to the repositories tea_timer and coffee_maker."
git push
Creating a Repository
Next, create one of the repositories. First change to the directory where you want to store your local copy of the Git repository.
Create the repository:
mkdir tea_timer
cd tea_timer
git init
git remote add origin email@example.com:tea_timer.git
# Add some files and commit.
git push origin master:refs/heads/master
# The previous line links your local branch master to the remote branch master so you can automatically fetch and merge with git pull.
Adding Users to a Repository
Users are identified by their public RSA keys. Gitosis keeps these keys inside the directory keydir within the gitosis-admin repository. Users are linked to their Git username by the name of the key file. For example, adding an RSA key to keydir/john.pub will link the user john to the machine defined by the RSA key within john.pub. Keys must end in .pub!
Add a user:
cd gitosis-admin
cp /path/to/rsa/key/john.pub keydir/
git add keydir/*
git commit -am "Adding the john account."
git push
John can now clone the git repositories he has access to as defined by gitosis.conf. In this case, he can both read and write to the repository as he has
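A check you can run against a gitosis-admin checkout before pushing, given here as an added example that is not part of the original page or of Gitosis itself: it cross-references the members lines in gitosis.conf with the key file names in keydir, so a member with no key or a key with no group shows up before the change goes live. The sample configuration and key listing are constructed, and the names audit, oldhire and stephen.key are hypothetical.

```python
import configparser

# Constructed sample: the two groups shown on this page plus a keydir listing.
SAMPLE_CONF = """\
[group gitosis-admin]
writable = gitosis-admin
members = jdoe

[group blue_team]
members = john martin stephen
writable = tea_timer coffee_maker
"""
SAMPLE_KEYDIR = ["jdoe.pub", "john.pub", "martin.pub", "oldhire.pub", "stephen.key"]


def audit(conf_text, keydir_files):
    """Cross-check gitosis.conf group membership against keydir file names."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)

    writable = {}  # member -> set of repositories the member may push to
    for section in parser.sections():
        if not section.startswith("group "):
            continue
        members = parser.get(section, "members", fallback="").split()
        repos = parser.get(section, "writable", fallback="").split()
        for member in members:
            writable.setdefault(member, set()).update(repos)

    # Keys must end in .pub; the file name without the suffix is the user name.
    keyed = {name[:-4] for name in keydir_files if name.endswith(".pub")}
    return {
        "writable": writable,
        "members_without_key": sorted(set(writable) - keyed),
        "keys_without_group": sorted(keyed - set(writable)),
        "ignored_files": sorted(f for f in keydir_files if not f.endswith(".pub")),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_CONF, SAMPLE_KEYDIR)
    for user, repos in sorted(report["writable"].items()):
        print(f"{user}: {', '.join(sorted(repos))}")
    for field in ("members_without_key", "keys_without_group", "ignored_files"):
        print(f"{field}: {report[field]}")
```

In a real checkout, pass the contents of gitosis.conf and the result of os.listdir("keydir") instead of the constructed samples.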