877c6625dc
typos, minor clarifications, removing outdated stuff that got missed, adding some emphasis here and there, re-phrasing some places, etc.
146 lines
5 KiB
Markdown
146 lines
5 KiB
Markdown
# output of the "info" and "expand" commands
|
|
|
|
Running "ssh git@server info" or "ssh git@server expand" gives you certain
|
|
output. This doclet describes the output; you're welcome to help me make it
|
|
clearer :)
|
|
|
|
In this document:
|
|
|
|
* <a href="#_the_info_command">the "info" command</a>
|
|
* <a href="#_interpreting_the_output">interpreting the output</a>
|
|
* <a href="#_using_patterns_to_limit_output">using patterns to limit output</a>
|
|
* <a href="#_side_note_openssh_5_6">side note: openssh 5.6</a>
|
|
* <a href="#_the_expand_command">the "expand" command</a>
|
|
|
|
----
|
|
|
|
<a name="_the_info_command"></a>
|
|
|
|
### the "info" command
|
|
|
|
Usage:
|
|
|
|
ssh git@server info [optional_pattern [list of users]]
|
|
|
|
The "info" command shows you all the repos (and repo patterns) in the config
|
|
file that you have been given any kind of access to. If you supply an
|
|
optional pattern the output will be limited to repos matching that pattern.
|
|
If you're an admin you can append a list of users to see their permissions
|
|
instead of your own; in this mode the pattern is mandatory, even if you just
|
|
use `.` to cheat.
|
|
|
|
Here is a sample output of the info command. There are 3 columns of
|
|
permissions (create, read, and write) in the output, although the first column
|
|
is often blank.
|
|
|
|
$ ssh git@server info
|
|
hello sitaram, this is gitolite v2.1-29-g5a125fa running on git 1.7.4.4
|
|
the gitolite config gives you the following access:
|
|
R SecureBrowse
|
|
R W anu-wsd
|
|
R W entrans
|
|
@R W git-notes
|
|
@R W gitolite
|
|
R W gitolite-admin
|
|
R W indic_web_input
|
|
@C R W private/sitaram/[\w.-]+
|
|
R W proxy
|
|
@C @R W public/sitaram/[\w.-]+
|
|
@R_ @W_ testing
|
|
R W vkc
|
|
|
|
<a name="_interpreting_the_output"></a>
|
|
|
|
#### interpreting the output
|
|
|
|
The meaning of C, R, and W are self-explanatory, but they may be prefixed or
|
|
suffixed by a symbol:
|
|
|
|
* an `@` prefix means "@all" users have been given this permission
|
|
|
|
repo foo
|
|
R = @all
|
|
|
|
* a `#` prefix means this user is a "superuser" (think root's shell prompt)
|
|
and so has access to `@all` repos. Which means you'll see this prefix
|
|
(or, in some cases, an `&`; see next bullet) for *all* the repos, or none
|
|
of them
|
|
|
|
repo @all
|
|
R = sitaram
|
|
|
|
* an `&` prefix means both of the above are true
|
|
|
|
The `_` suffix is special. This says the user has only implicit access (due
|
|
to one of the `@all` uses), but no explicit access.
|
|
|
|
<a name="_using_patterns_to_limit_output"></a>
|
|
|
|
#### using patterns to limit output
|
|
|
|
Here are a couple of samples with optional patterns:
|
|
|
|
$ ssh git@server info git
|
|
hello sitaram, this is gitolite v2.1-29-g5a125fa running on git 1.7.4.4
|
|
the gitolite config gives you the following access:
|
|
@R W git-notes
|
|
@R W gitolite
|
|
R W gitolite-admin
|
|
|
|
$ ssh git@server info admin
|
|
hello sitaram, this is gitolite v2.1-29-g5a125fa running on git 1.7.4.4
|
|
the gitolite config gives you the following access:
|
|
R W gitolite-admin
|
|
|
|
In "big-config" mode (i.e., when `GL_BIG_CONFIG` is set) the pattern is
|
|
**mandatory**. You can try and cheat the system by passing in a "." but
|
|
gitolite truncates the output after 20 results to prevent a DOS. (This limit
|
|
can be changed; see `$BIG_INFO_CAP` in [doc/gitolite.rc.mkd][rcdoc]).
|
|
|
|
[rcdoc]: http://sitaramc.github.com/gitolite/doc/gitolite.rc.html
|
|
|
|
The pattern is also mandatory when an admin wants to find out what access some
|
|
*other* user has, which you may have guessed from the syntax in the "usage"
|
|
line above.
|
|
|
|
<a name="_side_note_openssh_5_6"></a>
|
|
|
|
#### side note: openssh 5.6
|
|
|
|
It used to be that the gitolite documentation would say "just use `ssh
|
|
git@server`" in the past, because gitolite defaults to the "info" command if
|
|
no command is passed.
|
|
|
|
However, starting with [openssh 5.6][openssh56], this won't work. The ssh
|
|
client will now "Kill channel when pty allocation requests fail". This means
|
|
that gitolite is not even invoked; you only get a message about pty allocation
|
|
failure, followed by "connection closed".
|
|
|
|
So now you have to use an explicit "info" command, (`ssh git@server info`) or
|
|
add the `-T` option to ssh (`ssh -T git@server`).
|
|
|
|
[openssh56]: http://www.openssh.org/txt/release-5.6
|
|
|
|
<a name="_the_expand_command"></a>
|
|
|
|
### the "expand" command
|
|
|
|
Usage:
|
|
|
|
ssh git@server expand [optional_pattern]
|
|
|
|
The "expand" command trawls through all the repositories on the server,
|
|
limiting to repos matching the pattern you provide (default is all repos
|
|
found).
|
|
|
|
For each repo found, it searches for it in the config -- either the actual
|
|
repo entry (when the repo is not a wildcard repo), or an entry for the
|
|
wildcard that matches it -- and reports permissions. It also takes into
|
|
account extra permissions enabled by the `setperms` command (see
|
|
doc/wildcard-repositories.mkd). It shows you the "creator" of the repo as
|
|
an additional column, defaulting to `<gitolite>` if it was not a wildcard
|
|
repo.
|
|
|
|
The limit of number of repos shown in big-config mode (20, by default)
|
|
described earlier applies to the "expand" command also.
|