Setup git repository on a server with ssh access

Question

Following the instructions in this link I managed to create a repository on my $HOME on the uni's server. I clone/pull/push to this repository on the server using SSH .

My question is: Is it possible to grant access to someone else to clone/push/pull from this repository? Obviously I do not have root privileges on the server side. Furthermore, I don't want to have it as a public repository... I want to know who is cloning and pushing to this one.

Can I do something like that on the web-storage part of my account? Where my wesite is stored, and then use something like htaccess to manage access?

Answer 1

You could set POSIX ACLs on the repository, to allow more users to access it. But that won't guarantee somebody commits as another user / it's quite cumbersome to configure / ...

Instead, I suggest you to use gitolite: https://github.com/sitaramc/gitolite .

It works in a way very similar to the pull/push mechanism on github: one ssh user, a custom shell that authenticates the user depending on the ssh key that was used to login.

If you want something more complex (github-like, with a web UI providing lots of features), have a look at gitlab ( http://gitlabhq.org/ ) or gitorious ( http://getgitorious.com/ ).

Update

In order to be able to login normally on the server as the user in which you installed gitolite:

• Create a new SSH key and keep it, let's say, as ~/.ssh/id_rsa-git_admin on your workstation
• Add it as the first key in the ~/.ssh/authorized_keys file on the machine
• Install gitolite and make sure the key is still there (wait before logging out)
• From another terminal, run a git clone git@yourhost:gitolite-admin , and make sure it works.
• From another termina, try to login on the machine with ssh -i ~/.ssh/id_rsa-git_admin git@yourhost

If the last two steps are ok, your installation is fine.

Answer 2

This is a tricky one, since most git setups depend on user accounts. I see two options for you, unless you can install Gitolite as described in @redShadow's answer.

All Developers have Accounts on the Server

If the other people have accounts on the same mashine, you cold use linux/unix group permissions and make the repository read/writeable by that group only. If the group does nor yet exists, someone with root access needs to create it.

Readonly Access via HTTP with your own user management through htaccess

If clone-only access for a limited group is okay for you and you are willing to receive changes in form of patches, you could move your repository into your website root folder and use htaccess to limit access to the file. But this would be readonly.

Your htaccess would look like

AuthType Basic
AuthName "Password Required"
AuthUserFile /www/passwords/password.file
AuthGroupFile /www/passwords/group.file
Require Group admins

References:

• http://git-scm.com/book/en/Git-on-the-Server-The-Protocols
• http://httpd.apache.org/docs/2.2/howto/htaccess.html

Answer 3

I'm assuming you did a git init --bare ...

By default, when you init a bare repo, you give privileges for group writes and anyone else can read. That's dicussed on the help document for git init :

http://www.kernel.org/pub/software/scm/git/docs/git-init.html

You can use the umask option to have tighter control over access:

0xxx: 0xxx is an octal number and each file will have mode 0xxx. 
0xxx will override users' umask(2) value (and not only loosen permissions 
as group and all does). 0640 will create a repository which is group-readable, 
but not group-writable or accessible to others. 0660 will create a 
repo that is readable and writable to the current user and group, but 
inaccessible to others.