## when gitolite is overkill Note: I wrote this to help people for whom gitolite is genuinely overkill. I believe it will all work, but YMMV. ---- You don't always need something like gitolite. If you have a fixed (or very rarely changing) number of users, and all of them have full access to all your repos, you can use plain Unix permissions to get a lot of this done: * dedicate a userid (say "git") to host all your repos. This user will also have a group (normally called "git" on most distros I think) * create a directory that is accessible (at least "r" and "x" permissions) to the group "git", all the way upto the root. (That is, if the directory you chose is /home/git/repos, then /, /home, /home/git, and /home/git/repos must all be "g+rx"). * create all repos in this directory, as the "git" user, using the following command: git init --bare --shared reponame.git * For each user who needs access to the repos, add them as members to the "git" group also. On Fedora this is: usermod -a -G git username And that's basically it. The "init --shared" will create the repos with "chmod -R g+s". If you have existing repos where you forgot (or didn't know) the "--shared" argument, do this on each of them: cd reponame.git git init --shared --bare chmod -R g+w . chmod g+s `find . -type d` I think that should do it. Once you've setup the Unix level permissions, you may consider setting the shell of some of the less experienced users to "git-shell" (using its full path) if they don't really need a shell on the server. This will let them access git remotely but not do anything else. Combining this with settings like `receive.denyDeletes` and `receive.denyNonFastForwards`, or at least `core.logAllRefUpdates`, can go a long way toward preventing accidents or at least making it feasible to recover from them. ---- You can do more complex things using Unix acls. If you do, and feel like writing it up, send it to me and I will add it here (with credit given of course). Personally, I can't be bothered -- once you have differing needs for different people, you really need gitolite anyway, because you probably need different rights for branches as well and Unix ACLs can't do that.