git-shell(1)
============

NAME
----
git-shell - Restricted login shell for Git-only SSH access


SYNOPSIS
--------
[verse]
'chsh' -s $(command -v git-shell) <user>
'git clone' <user>`@localhost:/path/to/repo.git`
'ssh' <user>`@localhost`

DESCRIPTION
-----------

This is a login shell for SSH accounts to provide restricted Git access.
It permits execution only of server-side Git commands implementing the
pull/push functionality, plus custom commands present in a subdirectory
named `git-shell-commands` in the user's home directory.

COMMANDS
--------

'git shell' accepts the following commands after the `-c` option:

'git receive-pack <argument>'::
'git upload-pack <argument>'::
'git upload-archive <argument>'::
	Call the corresponding server-side command to support
	the client's 'git push', 'git fetch', or 'git archive --remote'
	request.
'cvs server'::
	Imitate a CVS server.  See linkgit:git-cvsserver[1].

If a `~/git-shell-commands` directory is present, 'git shell' will
also handle other, custom commands by running
"`git-shell-commands/<command> <arguments>`" from the user's home
directory.

INTERACTIVE USE
---------------

By default, the commands above can be executed only with the `-c`
option; the shell is not interactive.

If a `~/git-shell-commands` directory is present, 'git shell'
can also be run interactively (with no arguments).  If a `help`
command is present in the `git-shell-commands` directory, it is
run to provide the user with an overview of allowed actions.  Then a
"git> " prompt is presented at which one can enter any of the
commands from the `git-shell-commands` directory, or `exit` to close
the connection.

Generally this mode is used as an administrative interface to allow
users to list repositories they have access to, create, delete, or
rename repositories, or change repository descriptions and
permissions.

If a `no-interactive-login` command exists, then it is run and the
interactive shell is aborted.

EXAMPLE
-------

To disable interactive logins, displaying a greeting instead:

----------------
$ chsh -s /usr/bin/git-shell
$ mkdir $HOME/git-shell-commands
$ cat >$HOME/git-shell-commands/no-interactive-login <<\EOF
#!/bin/sh
printf '%s\n' "Hi $USER! You've successfully authenticated, but I do not"
printf '%s\n' "provide interactive shell access."
exit 128
EOF
$ chmod +x $HOME/git-shell-commands/no-interactive-login
----------------

To enable git-cvsserver access (which should generally have the
`no-interactive-login` example above as a prerequisite, as creating
the git-shell-commands directory allows interactive logins):

----------------
$ cat >$HOME/git-shell-commands/cvs <<\EOF
#!/bin/sh
# Reject anything other than exactly one argument, "server".
if test $# != 1 || test "$1" != "server"
then
	echo >&2 "git-cvsserver only handles \"server\""
	exit 1
fi
exec git cvsserver server
EOF
$ chmod +x $HOME/git-shell-commands/cvs
----------------
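
The caveat above, that creating `git-shell-commands` enables interactive logins unless `no-interactive-login` exists, can be checked per account. The following is an added example, not part of the Git documentation: the function names `git_shell_login_mode` and `git_shell_custom_commands` and the sample home directories are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit how git-shell treats an account, given its home directory.

# What a login with no command gets, per the rules in INTERACTIVE USE.
git_shell_login_mode() {
    cmd_dir="$1/git-shell-commands"
    if [ ! -d "$cmd_dir" ]; then
        echo "command-only"        # only the built-in -c commands are accepted
    elif [ -e "$cmd_dir/no-interactive-login" ]; then
        echo "greeting-only"       # the hook runs, then the shell is aborted
    else
        echo "interactive"         # the "git> " prompt is offered
    fi
}

# Every executable file in the directory is runnable by the account holder.
git_shell_custom_commands() {
    cmd_dir="$1/git-shell-commands"
    for f in "$cmd_dir"/*; do
        [ -f "$f" ] && [ -x "$f" ] || continue
        echo "${f##*/}"
    done
}

# Constructed sample homes (not real accounts), one per configuration.
demo=$(mktemp -d)
mkdir -p "$demo/alice" "$demo/bob/git-shell-commands" \
         "$demo/carol/git-shell-commands"
printf '#!/bin/sh\nexec git cvsserver server\n' \
    >"$demo/bob/git-shell-commands/cvs"
printf '#!/bin/sh\nexit 128\n' \
    >"$demo/carol/git-shell-commands/no-interactive-login"
chmod +x "$demo/bob/git-shell-commands/cvs" \
         "$demo/carol/git-shell-commands/no-interactive-login"
for home in "$demo"/*; do
    printf '%s: %s [%s]\n' "${home##*/}" "$(git_shell_login_mode "$home")" \
        "$(git_shell_custom_commands "$home" | tr '\n' ' ')"
done
rm -rf "$demo"
```

The `bob` sample is the case the prerequisite note warns about: adding only the `cvs` command leaves the account in `interactive` mode.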

SEE ALSO
--------
ssh(1),
linkgit:git-daemon[1],
contrib/git-shell-commands/README

GIT
---
Part of the linkgit:git[1] suite