Git access control with Gitosis

Introduction to Git access

There are many open source version control systems, such as Bazaar, Arch, Aegis, SVN, CVS and Git. Each has its own pros and cons, but I personally like Git for its flexibility and possibilities. It has excellent network compatibility: we can use the native Git protocol, but it also works over rsync, SSH, HTTP and HTTPS. Access control, i.e. who can commit and who can access which projects, is the bigger headache for admins. Here we manage Git repositories with gitosis, a tool for Git access control. Better still, gitosis can be used with SSH key authentication, which is one of the most secure data transfer methods on Linux. With key authentication we don’t need to create an account for each developer on the Git server, which tightens security further because developers will not get shell access on the server. There must be one Git user on the server; here I am creating that user as ‘git’.

If you don’t have Git on your machine, install it with yum (Red Hat based) or apt-get (Debian based), depending on your OS.

[bash]
# apt-get install git-core
[/bash]

To install gitosis we need the python-setuptools package on our server.

[bash]
# apt-get install python-setuptools
[/bash]

Now we can download gitosis from its Git repository.

[bash]
# git clone git://eagain.net/gitosis.git
[/bash]

It is only a few KB. Now install it with the Python setup script.

[bash]
# cd gitosis
# python setup.py install
[/bash]

Create a user named git (you can give it any name). Give the user a shell, otherwise SSH login might have problems, then set the desired home directory (which will be the Git root directory).

Now it is time to upload a public key to the Git server. If you already have a public/private key pair on your local machine, use it; otherwise create a new one with ssh-keygen.

[bash]
# ssh-keygen -t rsa
[/bash]

The public key will be in the file id_rsa.pub. Copy the key and upload it to the server.

Next, execute the command:

[bash]
# sudo -H -u git gitosis-init < /tmp/id_rsa.pub
[/bash]

This adds some directories and files to user git’s home directory and appends the public key to user git’s authorized_keys file.

Now clone the gitosis-admin repository to your local machine.

[bash]
$ git clone git@GIT-SERVER:gitosis-admin.git
$ cd gitosis-admin
[/bash]

If you list this directory you will see only two entries (the gitosis.conf file and keydir). Here you can create new projects, make changes, manage access control and so on. Whatever you do, you have to commit it and push it to the server for the changes to take effect there. Since we cloned the gitosis-admin repository, we can make all changes locally and push them to the server.

Creating a new repository and controlling access to it

To create a new repository, edit the gitosis.conf file and add the following entries.
Here I am assuming that the new repository is named ‘test’.

[bash]
[group testgroup]
members = hans
writable = test
[/bash]

Here the group name is just a label; it does not matter what it is. ‘members’ is the list of users who can access the repository, and ‘writable’ is the name of the repository. Commit these changes and push them to the server.

[bash]
$ git commit -a -m "comment for this commit"
$ git push
[/bash]

Create the directory ‘test’ and initialize it as a Git repo.

[bash]
$ mkdir test
$ cd test
$ git init
[/bash]

Add the remote server URL to the new repository’s config file.

[bash]
$ git remote add origin git@GIT_SERVER:test.git
[/bash]

Push the changes to the server.

[bash]
$ git push origin master:refs/heads/master
[/bash]

Even though we allowed user hans to access the ‘test’ repository, we haven’t added his public key to the server, so he will not be able to access the project repository. Copy his public key to ‘keydir’ as hans.pub. The file must have a ‘.pub’ extension.

[bash]
$ cd gitosis-admin
$ cp /home/hans/hans.pub keydir/hans.pub
$ git add keydir/hans.pub
$ git commit -a -m "comment"
$ git push
[/bash]

Yes, we’ve done it!
Now user hans can clone the test repository to his local machine. He can make changes, add files, commit, and push changes to the server.

[bash]
hans $ git clone git@GIT_SERVER:test.git
[/bash]

Now try it. Good luck!
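Because the git user has a real shell, the "no shell access for developers" property depends on the options written in front of each key in user git's authorized_keys file. The check below is an added example, not part of the original post or of gitosis. It assumes gitosis entries have the form command="gitosis-serve <user>" followed by the no-port-forwarding, no-X11-forwarding, no-agent-forwarding and no-pty options (or OpenSSH's restrict), and it runs on a constructed sample.

```python
import re

KEY_TYPE = re.compile(r"(ssh-|ecdsa-|sk-)")
# One option: bare characters or a double-quoted string (may contain spaces/commas).
OPTION = r'(?:[^\s,"]|"(?:\\.|[^"\\])*")+'
OPTIONS = re.compile(rf"{OPTION}(?:,{OPTION})*")
REQUIRED = {"no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding", "no-pty"}

# Constructed sample of user git's authorized_keys file (key material is fake).
SAMPLE = """\
command="gitosis-serve hans",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAEXAMPLE hans@laptop
ssh-rsa AAAAEXAMPLE admin@workstation
command="gitosis-serve eve",no-port-forwarding ssh-rsa AAAAEXAMPLE eve@laptop
"""

def split_options(line):
    """Return the list of options that precede the key type (empty if none)."""
    if KEY_TYPE.match(line):
        return []                      # line starts with the key type itself
    m = OPTIONS.match(line)
    return re.findall(OPTION, m.group(0)) if m else []

def audit(text):
    """Return (line_number, problem) for entries not locked down to gitosis-serve."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts = split_options(line)
        lowered = {o.lower() for o in opts}   # option names are case-insensitive
        cmd = next((o for o in opts if o.lower().startswith("command=")), None)
        if cmd is None:
            findings.append((n, "no forced command: this key gets a normal login shell"))
            continue
        if not re.fullmatch(r'command="gitosis-serve [^"\s]+"', cmd):
            findings.append((n, "forced command is not gitosis-serve"))
        missing = REQUIRED - lowered
        if missing and "restrict" not in lowered:
            findings.append((n, "missing " + ", ".join(sorted(missing))))
    return findings

if __name__ == "__main__":
    for n, problem in audit(SAMPLE):
        print(f"line {n}: {problem}")
```

To audit a real server, pass the contents of user git's authorized_keys file to audit() instead of SAMPLE.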
