gitolite/doc/report-output.mkd
2011-02-06 06:24:40 +05:30

5 KiB

output of the "info" and "expand" commands

Running "ssh git@server info" or "ssh git@server expand" gives you certain output. This doclet describes the output; you're welcome to help me make it clearer :)

(Side note: if you installed using the "from-client" method, and you're the administrator, please replace ssh git@server with ssh gitolite, all through this document).

In this document:


the "info" command

Usage:

ssh git@server info [optional_pattern [list of users]]

The "info" command shows you all the repos (and repo patterns) in the config file that you have been given any kind of access to. If you supply an optional pattern the output will be limited to repos matching that pattern. If you're an admin you can append a list of users to see their permissions instead of your own; in this mode the pattern is mandatory, even if you just use . to cheat.

Here is a sample output of the info command. There are 3 columns of permissions (create, read, and write) in the output, although the first column is often blank.

    $ ssh git@server info
    hello sitaram, the gitolite version here is v1.5.5-24-g2b066fc
    the gitolite config gives you the following access:
         R   W 	SecureBrowse
         R   W 	anu-wsd
         R   W 	entrans
        @R   W 	git-notes
        @R   W 	gitolite
         R   W 	gitolite-admin
         R   W 	indic_web_input
     @C  R   W 	private/sitaram/[\w.-]+
         R   W 	proxy
     @C @R   W 	public/sitaram/[\w.-]+
        @R_ @W_	testing
         R   W 	vkc

interpreting the output

The meaning of C, R, and W are self-explanatory, but they may be prefixed or suffixed by a symbol:

  • an @ prefix means "@all" users have been given this permission

    repo foo
        R       =   @all
    
  • a # prefix means this user is a "superuser" (think root's shell prompt) and so has access to @all repos. Which means you'll see this prefix (or, in some cases, an &; see next bullet) for all the repos, or none of them

    repo @all
        R       =   sitaram
    
  • an & prefix means both of the above are true

The _ suffix is special. This says the user has only implicit access (due to one of the @all uses), but no explicit access.

using patterns to limit output

Here are a couple of samples with optional patterns:

    $ ssh git@server info git
    hello sitaram, the gitolite version here is v1.5.5-24-g2b066fc
    the gitolite config gives you the following access:
        @R   W 	git-notes
        @R   W 	gitolite
         R   W 	gitolite-admin

    $ ssh git@server info admin
    hello sitaram, the gitolite version here is v1.5.5-24-g2b066fc
    the gitolite config gives you the following access:
         R   W 	gitolite-admin

In "big-config" mode (i.e., when GL_BIG_CONFIG is set) the pattern is mandatory. You can try and cheat the system by passing in a "." but gitolite truncates the output after 20 results to prevent a DOS.

The pattern is also mandatory when an admin wants to find out what access some other user has, which you may have guessed from the syntax in the "usage" line above.

side note: openssh 5.6

It used to be that the gitolite documentation would say "just use ssh git@server" in the past, because gitolite defaults to the "info" command if no command is passed.

However, starting with openssh 5.6, this won't work. Openssh will now "Kill channel when pty allocation requests fail". This means that gitolite is not even invoked; you only get a message about pty allocation failure, followed by "connection closed".

So now you have to use an explicit "info" command, (ssh git@server info) or add the -T option to ssh (ssh -T git@server).

the "expand" command

Usage:

ssh git@server expand [optional_pattern]

The "expand" command trawls through all the repositories on the server, limiting to repos matching the pattern you provide (default is all repos found).

For each repo found, it searches for it in the config -- either the actual repo entry (when the repo is not a wildcard repo), or an entry for the wildcard that matches it -- and reports permissions. It also takes into account extra permissions enabled by the setperms command (see doc/wildcard-repositories.mkd). It shows you the "creator" of the repo as an additional column, defaulting to <gitolite> if it was not a wildcard repo.