shared git repository over ssh

A git repository is configured to be shared between users from the same group with:

# grep group /srv/repos/git/l2mesh.git/config
        shared = group

The repository directory is set with the group sticky bit so that files created by a user have the same group and permissions as the directory:

root@redmine ~# ls -ld /srv/repos/git/l2mesh.git/config
-rw-rw-r-- 1 root git 82 Nov 23 13:09 /srv/repos/git/l2mesh.git/config

The repository can then be cloned with

git clone ssh://redmine.the.re/srv/repos/git/l2mesh.git


A git repository is configured to be shared between users from the same group with:

root@redmine ~# cat /srv/repos/git/l2mesh.git/config
[core]
        repositoryformatversion = 0
        filemode = true
        bare = true
        shared = group

as explained in the corresponding section of the git-init(1) manual page:

       --shared[={false|true|umask|group|all|world|everybody|0xxx}]
           Specify that the git repository is to be shared amongst several users.
...
       o    group (or true): Make the repository group-writable, (and g+sx, since the git group may be not the primary group of all users). This is
           used to loosen the permissions of an otherwise safe umask(2) value.

A git group is created

# addgroup git
Adding group `git' (GID 1001) ...
Done.

If the repository already existed, the permissions are fixed as follows:

root@redmine repos/git# find l2mesh.git | xargs chgrp git
root@redmine repos/git# find l2mesh.git -type d | xargs chmod g+ws
root@redmine repos/git# find l2mesh.git -type f | xargs chmod g+w

A new user is created with:

root@redmine repos/git# adduser --shell /usr/lib/git-core/git-shell --disabled-password --gecos 'Jenkins' --gid 1001 jenkins
Adding user `jenkins' ...
Adding new user `jenkins' (1001) with group `git' ...
Creating home directory `/home/jenkins' ...
Copying files from `/etc/skel' ...
root@redmine repos/git# mkdir ~jenkins/.ssh
root@redmine repos/git# echo ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCghmQlss1rsb6lRMiYGStuKnkN7IOyKhEtzcJ7HXli56SCzN/brcw348zc4cpiRmvh6qkMU1mIzK3Vtfa/QmNNM\
QmA41SuuXqoWWcyEdDkAhW+SAk10LqqoLavgX75W0XipPTSI/zbfp80oxXnH1aFynzZIJAGM6/Vfh3E9C+smrdQnCkiRrKe8kKyvqzCuoy8WXA6EhnY1xCJ1af3rkSn1/w7LwchpaT/nqh7GxyZgbiDyJN\
CmK+hgg7lyjnjYiDwWVka6rvhPQ0GKyJmFhd06vEEJVulhYmvGEnHS8bfo60q9x/bdYLouzMM8KyogfuW+mHRREPAY5T1ZWe0ECWP tomcat6@jenkins > ~jenkins/.ssh/authorized_keys
root@redmine repos/git# chown -R jenkins ~jenkins/.ssh

The /usr/lib/git-core/git-shell is used because jenkins does not need to use anything but git.

tomcat6@jenkins:~$ git clone ssh://jenkins@redmine.the.re/srv/repos/git/l2mesh.git
Cloning into l2mesh...
remote: Counting objects: 101, done.
remote: Compressing objects: 100% (73/73), done.
remote: Total 101 (delta 36), reused 0 (delta 0)
Receiving objects: 100% (101/101), 32.60 KiB, done.
Resolving deltas: 100% (36/36), done.
This entry was posted in debian. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>