gitolite/doc/2-admin.mkd

# administering and running gitolite

*Note*: some of the paths in this document use variable names.  Just refer to
`~/.gitolite.rc` for the correct values for *your* installation.

### administer

  * ask each user who will get access to send you a public key.  See other
    sources (for example
    [here](http://sitaramc.github.com/0-installing/2-access-gitolite.html#generating_a_public_key))
    for how to do this

  * rename each public key according to the user's name, with a `.pub`
    extension, like `sitaram.pub` or `john-smith.pub`.  You can also use
    periods and underscores

  * copy all these `*.pub` files to `$GL_KEYDIR`

  * edit the config file (`$GL_CONF`) and give the new users permissions as
    required.  The users names should be exactly the same as their keyfile
    names, but without the `.pub` extension

  * backup your `~/.ssh/authorized_keys` file if you feel nervous :-)
      * that's "backup" as in "copy", not "move".  The next step won't work if
        the file doesn't exist.  Even an empty one is fine but it must be
        present
      * if you don't have an `~/.ssh/authorized_keys` file at all, you may
        have logged in with a password, which in turn might mean you are not
        familiar with ssh and authkeys etc.  If so, please read up at least
        [this](http://sitaramc.github.com/0-installing/9-gitolite-basics.html#IMPORTANT_overview_of_ssh),
        and preferably also the man pages for sshd and sshd\_config, to make
        sure you understand the security implications of what you are doing.
        Once you have understood that, create at least an empty
        `~/.ssh/authorized_keys` file before proceeding to the next step

  * cd to `$GL_ADMINDIR` and run `src/gl-compile-conf`

That should be it, really.  However, if you want to be doubly sure, or maybe
the first couple of times you use it, you may want to check these:

  * check the outputs

      * `~/.ssh/authorized_keys` should contain one line for each "user" pub
        key added, between two "marker" lines (which you should please please
        not remove!).  The line should contain a "command=" pointing to a
        `$GL_ADMINDIR/src/gl-auth-command` file, then some sshd restrictions, the
        key, etc.
      * `$GL_CONF_COMPILED` should contain an expanded list of the access
        control rules.  It may look a little long, but it's fairly intuitive!

  * if the run threw up any "initialising empty repo" messages, check the
    individual repos (inside `$REPO_BASE`) if you wish.  Especially make sure
    the `$REPO_BASE/[reponame].git/hooks/update` got copied OK and is
    executable
doc changes after split 2009-08-27 11:54:23 +02:00			`# administering and running gitolite`

doc fixes: - install is even clearer now (I hope!), esp to people with root access who seem to expect something else :) - used path vars (from ~/.gitolite.rc) more consistently, and - added refeerences to ~/.gitolite.rc for resolving them 2009-08-30 08:38:54 +02:00			`Note: some of the paths in this document use variable names. Just refer to`
			`~/.gitolite.rc` for the correct values for your installation.
admin doc: clarified the instructions a little more ...it seems some admins are, well, not quite ready to be admins :) (also some minor typo fixes slipped in) 2009-08-29 07:21:48 +02:00
doc changes after split 2009-08-27 11:54:23 +02:00			`### administer`

			`* ask each user who will get access to send you a public key. See other`
			`sources (for example`
admin doc: clarified the instructions a little more ...it seems some admins are, well, not quite ready to be admins :) (also some minor typo fixes slipped in) 2009-08-29 07:21:48 +02:00			`[here](http://sitaramc.github.com/0-installing/2-access-gitolite.html#generating_a_public_key))`
doc changes after split 2009-08-27 11:54:23 +02:00			`for how to do this`
admin doc: clarify why authkeys is needed and what it does I was very insistently told by a user that I should just create the file if it does not exist, but this is as far as I am willing to go 2009-08-30 17:49:36 +02:00
admin doc: clarified the instructions a little more ...it seems some admins are, well, not quite ready to be admins :) (also some minor typo fixes slipped in) 2009-08-29 07:21:48 +02:00			* rename each public key according to the user's name, with a `.pub`
			extension, like `sitaram.pub` or `john-smith.pub`. You can also use
			`periods and underscores`
admin doc: clarify why authkeys is needed and what it does I was very insistently told by a user that I should just create the file if it does not exist, but this is as far as I am willing to go 2009-08-30 17:49:36 +02:00
admin doc: clarified the instructions a little more ...it seems some admins are, well, not quite ready to be admins :) (also some minor typo fixes slipped in) 2009-08-29 07:21:48 +02:00			* copy all these `*.pub` files to `$GL_KEYDIR`
admin doc: clarify why authkeys is needed and what it does I was very insistently told by a user that I should just create the file if it does not exist, but this is as far as I am willing to go 2009-08-30 17:49:36 +02:00
admin doc: clarified the instructions a little more ...it seems some admins are, well, not quite ready to be admins :) (also some minor typo fixes slipped in) 2009-08-29 07:21:48 +02:00			* edit the config file (`$GL_CONF`) and give the new users permissions as
			`required. The users names should be exactly the same as their keyfile`
			names, but without the `.pub` extension
admin doc: clarify why authkeys is needed and what it does I was very insistently told by a user that I should just create the file if it does not exist, but this is as far as I am willing to go 2009-08-30 17:49:36 +02:00
doc changes after split 2009-08-27 11:54:23 +02:00			* backup your `~/.ssh/authorized_keys` file if you feel nervous :-)
admin doc: clarify why authkeys is needed and what it does I was very insistently told by a user that I should just create the file if it does not exist, but this is as far as I am willing to go 2009-08-30 17:49:36 +02:00			`* that's "backup" as in "copy", not "move". The next step won't work if`
			`the file doesn't exist. Even an empty one is fine but it must be`
			`present`
			* if you don't have an `~/.ssh/authorized_keys` file at all, you may
			`have logged in with a password, which in turn might mean you are not`
			`familiar with ssh and authkeys etc. If so, please read up at least`
			`[this](http://sitaramc.github.com/0-installing/9-gitolite-basics.html#IMPORTANT_overview_of_ssh),`
			`and preferably also the man pages for sshd and sshd\_config, to make`
compile: better message when authkeys absent for security reasons, we refuse to create ~/.ssh/authorized_keys if it doesn't exist. Explain this better and point to the documentation 2009-09-17 07:09:13 +02:00			`sure you understand the security implications of what you are doing.`
			`Once you have understood that, create at least an empty`
			`~/.ssh/authorized_keys` file before proceeding to the next step
admin doc: clarify why authkeys is needed and what it does I was very insistently told by a user that I should just create the file if it does not exist, but this is as far as I am willing to go 2009-08-30 17:49:36 +02:00
doc changes after split 2009-08-27 11:54:23 +02:00			* cd to `$GL_ADMINDIR` and run `src/gl-compile-conf`

			`That should be it, really. However, if you want to be doubly sure, or maybe`
			`the first couple of times you use it, you may want to check these:`

			`* check the outputs`
admin doc: clarified the instructions a little more ...it seems some admins are, well, not quite ready to be admins :) (also some minor typo fixes slipped in) 2009-08-29 07:21:48 +02:00
doc changes after split 2009-08-27 11:54:23 +02:00			* `~/.ssh/authorized_keys` should contain one line for each "user" pub
			`key added, between two "marker" lines (which you should please please`
			`not remove!). The line should contain a "command=" pointing to a`
			`$GL_ADMINDIR/src/gl-auth-command` file, then some sshd restrictions, the
			`key, etc.`
doc fixes: - install is even clearer now (I hope!), esp to people with root access who seem to expect something else :) - used path vars (from ~/.gitolite.rc) more consistently, and - added refeerences to ~/.gitolite.rc for resolving them 2009-08-30 08:38:54 +02:00			* `$GL_CONF_COMPILED` should contain an expanded list of the access
			`control rules. It may look a little long, but it's fairly intuitive!`
doc changes after split 2009-08-27 11:54:23 +02:00
			`* if the run threw up any "initialising empty repo" messages, check the`
			individual repos (inside `$REPO_BASE`) if you wish. Especially make sure
			the `$REPO_BASE/[reponame].git/hooks/update` got copied OK and is
			`executable`