gitolite/doc/users.mkd

# adding and removing users
2012-03-16 02:54:47 +01:00
Strictly speaking, gitolite doesn't know where users come from. If that
surprises you, read [this][auth]. However, gitolite does help with ssh-based
authentication, so here's some info on adding and removing users.

> ----

> *WARNING: Do NOT add users directly on the server. Clone the
> 'gitolite-admin' repo to your workstation, make changes to it, then add,
> commit, and push. When the push hits the server, the server "acts" upon
> your changes.*

> ----

All operations are in a clone of the gitolite-admin repo.

To **add** a user, say Alice, obtain her public key (typically
`$HOME/.ssh/id_rsa.pub` on her workstation), copy it to `keydir` with the user
name as the basename (e.g., 'alice.pub' for user alice), then `git add
keydir/alice.pub`. (All key files must have names ending in ".pub", and must
be in OpenSSH's default format.)

To **remove** a user, `git rm keydir/alice.pub`.

In both cases, you must commit and push. On receiving the push, gitolite will
carry out the changes specified.

The user name is simply the base name of the public key file name. So
'alice.pub', 'foo/alice.pub' and 'bar/alice.pub' all resolve to user "alice".
## #multi-key multiple keys per user
The simplest and most understandable way is to put the user's keys in
different subdirectories (alice.pub, home/alice.pub, laptop/alice.pub, etc.).
### old style multi-keys
There is another way that involves creating key files like `alice@home.pub`
and `alice@laptop.pub`, but there is a complication because gitolite also
allows *full email addresses* as user names. (I.e., `sitaramc@gmail.com.pub`
denotes the user called `sitaramc@gmail.com`).

This older method of enabling multi-keys was developed to deal with that. It
will continue to work and be supported in *code*, simply because I prefer it.
But I will not accept questions or doc patches for it, because it seems it is
too difficult to understand for a lot of people. This table of sample pubkey
filenames and the corresponding derived usernames is all you get:

* plain username, no multikey

        sitaramc.pub                            sitaramc

* plain username, with multikeys

        sitaramc@laptop.pub                     sitaramc
        sitaramc@desktop.pub                    sitaramc

* email address as username, no multikey

        sitaramc@gmail.com.pub                  sitaramc@gmail.com

* email address as username, with multikeys

        sitaramc@gmail.com@laptop.pub           sitaramc@gmail.com
        sitaramc@gmail.com@desktop.pub          sitaramc@gmail.com
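Because the user name is only the basename, every key file that resolves to "alice" anywhere under `keydir` grants access as alice, so it is worth listing the mapping when reviewing a gitolite-admin clone before a push. The script below is an added example, not part of gitolite or of the original page; the function names and the rule that a multi-key `@location` part contains no dot are assumptions chosen to match the filename table above.

```shell
#!/bin/sh
# Added example, not gitolite's own code.
# Assumption: the user name is the basename minus ".pub" and minus an
# optional "@location" part that contains no dot (matches the table above).
derive_user() {
    printf '%s\n' "${1##*/}" | sed -E 's/(@[^.]+)?\.pub$//'
}

# Print "user<TAB>file" for every *.pub file under keydir $1.
list_key_owners() {
    find "$1" -type f -name '*.pub' | sort | while IFS= read -r f; do
        printf '%s\t%s\n' "$(derive_user "$f")" "$f"
    done
}

# Print "user count" for every user that more than one key file resolves to.
multi_key_users() {
    list_key_owners "$1" | cut -f1 | sort | uniq -c |
        awk '$1 > 1 { print $2, $1 }'
}

# Constructed sample keydir: empty files named like the examples on this page
# (bob.pub is made up to show a single-key user).
make_sample_keydir() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/home" "$d/laptop"
    for f in alice.pub home/alice.pub laptop/alice.pub bob.pub \
             'sitaramc@gmail.com.pub' 'sitaramc@gmail.com@laptop.pub'; do
        : > "$d/$f"
    done
    printf '%s\n' "$d"
}

# Audit the keydir given as $1, or the constructed sample when none is given.
keydir=${1:-$(make_sample_keydir)}
list_key_owners "$keydir"
multi_key_users "$keydir"
if [ $# -eq 0 ]; then rm -rf "$keydir"; fi
```

Run it as `sh audit-keydir.sh keydir` from the top of a gitolite-admin clone (the script file name is hypothetical); any user reported with more keys than expected points at a key file to check before committing.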