Open main menu

Wikibooks β


< Git

Gitosis is a tool to secure centralized Git repositories, permitting multiple maintainers to manage the same project at once, by restricting the access to only over a secure network protocol.


Installing GitosisEdit

Checkout the Gitosis RepositoryEdit

To install Gitosis, you first must have the Git client installed. Once installed, checkout a copy of Gitosis from its repository:

 git clone git://


 cd gitosis
 python install

Create a User to Manage the RepositoriesEdit

Create a user to manage the repositories:

 sudo adduser \
   --system \
   --shell /bin/sh \
   --gecos 'git version control' \
   --group \
   --disabled-password \
   --home /home/git \

If you don't already have a public RSA key, create one on your local computer:

 ssh-keygen -t rsa

Copying Your Public Key to the Gitosis ServerEdit

Copy this key to the Gitosis server. Assuming you are in your home directory:

 scp .ssh/

Setting up GitosisEdit

Initializing GitosisEdit

Initialize Gitosis:

 sudo -H -u git gitosis-init < /tmp/

Upon success, you will see:

 Initialized empty Git repository in ./
 Initialized empty Git repository in ./

Ensure the Git post-update hook has the correct permissions:

 sudo chmod 755 /home/git/repositories/gitosis-admin.git/hooks/post-update

Configuring GitosisEdit

Clone the Gitosis RepositoryEdit

Gitosis creates its own Git repository. To configure Gitosis, you will clone this repository, set your configuration options, then push your configuration back to the Gitosis server.

Cloning the Gitosis repository:

 git clone
 cd gitosis-admin

Creating a RepositoryEdit

Edit gitosis.conf

An example of a default gitosis.conf:

 [group gitosis-admin]
 writable = gitosis-admin
 members = jdoe 

Defining Groups, Members, Permissions, and RepositoriesEdit

You can define groups of members and what permissions they will have to repositories like so:

 [group blue_team]
 members = john martin stephen
 writable = tea_timer coffee_maker

In this example, anyone in the group blue_team, in this case john, martin, and stephen, will be able to write to the Git repositories tea_timer and coffee_maker

Save, commit, and push this file.

 git commit -am "Give john, martin, and stephen access to the repositories tea_timer and coffee_maker."
 git push

Creating a RepositoryEdit

Next, create one of the repositories. You'll want to change to the directory where you you want to store your local copy of the Git repository first.

Create the repository:

 mkdir tea_timer
 cd tea_timer
 git init
 git remote add origin
 # Add some files and commit.
 git push origin master:refs/heads/master
 # The previous line links your local branch master to the remote branch master so you can automatically fetch and merge with git pull.

Adding Users to a RepositoryEdit

Users are identified by their public RSA keys. Gitosis keeps these keys inside the directory keydir within the gitosis-admin repository. Users are linked to their Git username by the name of the key file. For example, adding an RSA key to keydir/ will link the user john to the machine defined by the RSA within Keys must end in .pub!

Add a user:

 cd gitosis-admin
 cp /path/to/rsa/key/ keydir/
 git add keydir/*
 git commit -am "Adding the john account."
 git push

John can now clone the git repositories he has access to as defined by gitosis.conf. In this case, he can both read and write to the repository as he has writable permissions.

External LinksEdit