tags:

views:

71

answers:

2
+2  Q: 

Securing git server

I setup a git server over ssh as

http://blog.commonthread.com/post/1034988660/setting-up-a-git-server

However, I am still able to access the server by ssh and see all the folders on the server. How do you usually secure the server so that the git user cannot get out of the home directory and possibly do damage? I read some things about chroot or jail. Or setting the permissions of the home directory to 700. I would like to know the easiest way to achieve some security and the details on how to do it. This is on a Centos Linux server.

Is there a way to deny command line access while still allowing the user to push/pull from git?

+6  A: 

You should set the user's shell to git-shell. From the docs (indeed, almost the entire man page):

This is meant to be used as a login shell for SSH accounts you want to restrict to GIT pull/push access only. It permits execution only of server-side GIT commands implementing the pull/push functionality. The commands can be executed only by the -c option; the shell is not interactive.

(Rup, in the comments, if you'd just googled git shell...)

Jefromi  2010-06-25 15:13:52
Great answer! I used this link http://www.kernel.org/pub/software/scm/git/docs/everyday.htmlThen I tried using ssh to get in and I get this message:fatal: What do you think I am? A shell?Very cool
jimiyash  2010-06-26 01:16:17
+2  A: 

An alternative would be to use gitolite or gitosis, both of which manage this for you and are pretty easy to configure.

ebneter  2010-06-25 18:48:17
I was looking into gitosis as well. It might be good for more fine grained control. Thanks for your answer!
jimiyash  2010-06-26 01:19:16

related questions

How to have two remote orgins for Git?
Why is branching and merging easier in Mercurial than in Subversion?
Is there a better way of writing a git pre-commit hook to check any php file in a commit for parse errors ?
Bug tracker setup with Git integration?
Does git have anything like `svn propset svn:keywords` or pre-/post-commit hooks?
git-stash vs. git-branch
Git "bad sha1 file" error
Should I use GitHub+Fogbugz or Assembla?
How do you remove a specific revision in the git history?
How do you organise multiple git repositories?
What is the Difference Between Mercurial and Git?
How do I restore files to previous states in git?
Is there anything like TortoiseCVS and TortoiseSVN for git?
Good Git repository viewer for Mac
Deploying a Git subdirectory in Capistrano
How to "unversion" a file in either svn and/or git
How can I graph the Lines of Code history for git repo?
Switch branch names in git
Migrating to GIT
How can I set up an editor to work with Git on Windows?
How do you deal with configuration files in source control?
Undoing a git reset --hard HEAD~1
Version Control. Getting started...
Why is Git better than Subversion?
Distributed source control options