Git on your own server
Last updated on August 24, 2024 am
Git on your own server
First, you create a git user account and a .ssh directory for the daemon user.
Set up an empty repository for them by running git init with the –bare option, which initializes the repository without a working directory:
1
2
3
4cd /srv/git
mkdir project.git
cd project.git
git init --baregit should response the following:
Initialized empty Git repository in /srv/git/project.git/
On end user’s computer, he/she can push the first version.
1
2
3
4
5
6cd myproject
git init
git add .
git commit -m 'Initial commit'
git remote add origin git@gitserver:/srv/git/project.git
git push origin masterAt this point, the others can clone it down and push changes back up just as easily:
1
2
3
4
5git clone git@gitserver:/srv/git/project.git
cd project
vim README
git commit -am 'Fix for README file'
git push origin master
Security
You can easily restrict the git user account to only Git-related activities with a limited shell tool called git-shell that comes with Git. If you set this as the git user account’s login shell, then that account can’t have normal shell access to your server. To use this, specify git-shell instead of bash or csh for that account’s login shell. To do so, you must first add the full pathname of the git-shell command to /etc/shells if it’s not already there:
1 |
|
To change the shell for a user:
1 |
|
At this point, end users are still able to use SSH port forwarding to access any host the git server is able to reach. If you want to prevent that, you can edit the authorized_keys file and prepend the following options to each key you’d like to restrict:
1 |
|
The result should look like this:
1 |
|
1 |
|