views:

397

answers:

2

I'm trying set up a git repository on a shared hosting account that can be accessed by both me and a friend. I have successfully done this with a Subversion repository by adding this line to ~/.ssh/authorized_keys:

command="/usr/bin/svnserve -t -r /path/to/svn/repo \
  --tunnel-user=myfriend",no-port-forwarding,no-agent-forwarding,\
  no-X11-forwarding,no-pty [ssh key]

I have got so far as to learn that git-shell is git's equivalent of svnserve, but there doesn't seem to be an equivalent of the -r option to restrict access to particular path. This is problematic because there are other git repositories that I don't want my friend to have access to.

I've read briefly about gitosis, which seems to be able to do what I'm wanting, but I want to see if there's a simpler solution before trying to set up another piece of software to accomplish this one specific requirement. Thanks in advance!

Edit: I found this article that provides a script to do it:

http://eagain.net/blog/2007/03/22/howto-host-git.html

But in fact, it's written by the same guy that later wrote gitosis and is marked as obsolete. It also seems that gitosis won't be possible in my situation because it requires creating a dedicated UNIX user which I can't do with a shared hosting account. I'd love to be proven wrong if I've misunderstood any of this, however!

A: 

I think it's simpler than all that: setting up a remote git repository

RyanWilcox
That is a good resource but it doesn't seem to cover my particular issue. I understand how to set up a remote git repository. What I need to do is control access to it because it's not a public repository.
Jimmy Cuadra
Ignoring the second half of the article -- shouldn't the first give you a repository that's controlled (to people who can log into that username on your machine)? It could be that I'm missing something, so if I am please let me know -- I assumed this would work for keeping repositories private, but maybe I was mistaken (and should change some things on my own servers)
RyanWilcox
That guide does make the repository private in the sense that you must be able to connect via SSH to access it. The difference in my situation is that I have multiple git repositories under the shell account in question and only want to allow my friend to access one specific repository. git-shell doesn't seem to have a directly equivalent of svnserve's -r option, which allows you to restrict commands executed by a user with a particular SSH key to a specific path. Using that, I could set up my friend's connection to only have access to ~/repos/repo1 instead of everything under ~/repos.
Jimmy Cuadra
You need to use separate IDs to give separate privileges, I think. That is, while you and your friend are sharing the same ID, you have the same privileges--that's what sharing means. If you don't want the sharing, separate the IDs.
Jonathan Leffler
Not sure what you mean by IDs. There is only one shell account, but we're using different SSH keys. Restricting access to a particular directory is possible in this situation through svnserve when using a Subversion repository, but not through git-shell for a Git repository, as I have learned.
Jimmy Cuadra
+1  A: 

Here are some options:

  • Control which repositories a user can access using normal Unix permissions.

  • Use a restricted login shell such as rssh and have your friend use rsync:// URLs for his remotes.

  • Serve the repository over HTTP or HTTPS with a username and password to protect it. You'll want to enable the git hook for updating the metadata.

daf