ddf4330d1e
requested by someone who told me it's high time I catered to the experts too, and saved them some time on the install! I took the opportunity to streamline the README (especially the "what" section), and to prioritise the non-root method over the root method in the install doc.
207 lines
8.6 KiB
Markdown
207 lines
8.6 KiB
Markdown
# Hosting git repositories
|
|
|
|
<a name="start"></a>
|
|
|
|
Gitolite allows you to setup git hosting on a central server, with
|
|
fine-grained access control and many (many!) more powerful features.
|
|
|
|
----
|
|
|
|
In this document:
|
|
|
|
* <a href="#_quick_install">quick install</a>
|
|
* <a href="#_what">what</a>
|
|
* <a href="#_why">why</a>
|
|
* <a href="#_main_features">main features</a>
|
|
* <a href="#_security">security</a>
|
|
* <a href="#_contact_and_license">contact and license</a>
|
|
|
|
----
|
|
|
|
<a name="_quick_install"></a>
|
|
|
|
### quick install
|
|
|
|
If you're comfortable with Unix and ssh, the following steps should work.
|
|
<font color="gray">(However, gitolite has lots and lots of useful features;
|
|
don't miss out on them by skipping the excellent
|
|
[documentation][docs]!)</font>
|
|
|
|
* create a user called `git`. Login to this user.
|
|
* copy your ssh pubkey from your workstation. Rename it to `YourName.pub`.
|
|
* now run these commands:
|
|
|
|
git clone git://github.com/sitaramc/gitolite
|
|
cd gitolite
|
|
src/gl-system-install
|
|
gl-setup ~/YourName.pub
|
|
|
|
You're done. Now run `git clone git@server:gitolite-admin` on your
|
|
workstation and [add users and repos][aur].
|
|
|
|
[aur]: http://sitaramc.github.com/gitolite/doc/2-admin.html#_adding_users_and_repos
|
|
|
|
<a name="_what"></a>
|
|
|
|
### what
|
|
|
|
Gitolite is an access control layer on top of git. Here's an "executive
|
|
summary":
|
|
|
|
* use a single unix user ("real" user) on the server
|
|
* provide access to many gitolite users
|
|
* they are not "real" users
|
|
* they do not get shell access
|
|
* control access to many git repositories
|
|
* read access controlled at the repo level
|
|
* write access controlled at the branch/tag/file/directory level,
|
|
including who can rewind, create, and delete branches/tags
|
|
* can be installed without root access, assuming git and perl are already
|
|
installed
|
|
* authentication is most commonly done using sshd, but you can also use
|
|
httpd if you prefer (this may require root access).
|
|
* several other neat features described below and elsewhere in the
|
|
[doc/][docs] directory.
|
|
|
|
Gitolite comes with a **huge** amount of documentation. If you're absolutely
|
|
new, the suggested reading order is this:
|
|
|
|
* the README (this document) for a quick intro
|
|
* the [INSTALL][install] document
|
|
* the most common installation issues are caused by ssh. Here's how
|
|
[gitolite uses ssh][doc9gas]. And here's an [ssh trouble
|
|
shooting][doc6sts] document
|
|
* the [ADMIN][admin] document
|
|
* (if you're migrating from gitosis, read [this][migr])
|
|
|
|
There is also a **[master TOC of all gitolite documentation][docs]**; use your
|
|
browser's search function to look for likely sounding words or just browse
|
|
around -- you never know what you'll find!
|
|
|
|
[Here][who]'s some information on some of the projects and
|
|
people using gitolite (and who, in turn, have helped shape its features).
|
|
|
|
<a name="_why"></a>
|
|
|
|
### why
|
|
|
|
Gitolite is separate from git, and needs to be installed and configured. So...
|
|
why do we bother?
|
|
|
|
Gitolite is useful in any server that is going to host multiple git
|
|
repositories, each with many developers, where some sort of access control is
|
|
required.
|
|
|
|
In theory, this can be done with plain old Unix permissions: each user is a
|
|
member of one or more groups, each group "owns" one or more repositories, and
|
|
using unix permissions (especially the setgid bit -- `chmod g+s`) you can
|
|
allow/disallow users access to repos.
|
|
|
|
But there are several disadvantages here:
|
|
|
|
* every user needs a userid and password on the server. This is usually a
|
|
killer, especially in tightly controlled environments
|
|
* adding/removing access rights involves complex `usermod -G ...` mumblings
|
|
which most admins would rather not deal with
|
|
* *viewing* (aka auditing) the current set of permissions requires running
|
|
multiple commands to list directories and their permissions/ownerships,
|
|
users and their group memberships, and then correlating all these manually
|
|
* auditing historical permissions or permission changes is pretty much
|
|
impossible without extraneous tools
|
|
* errors or omissions in setting the permissions exactly can cause problems
|
|
of either kind: false accepts or false rejects
|
|
* without going into ACLs it is not possible to give some people read-only
|
|
access while some others have read-write access to a repo (unless you make
|
|
it world-readable). Group access just doesn't have enough granularity
|
|
* it is absolutely impossible to restrict pushing by branch name or tag
|
|
name.
|
|
|
|
Gitolite does away with all this:
|
|
|
|
* it uses ssh magic to remove the need to give actual unix userids to
|
|
developers
|
|
* it uses a simple but powerful config file format to specify access rights
|
|
* access control changes are affected by modifying this file, adding or
|
|
removing user's public keys, and "compiling" the configuration
|
|
* this also makes auditing trivial -- all the data is in one place, and
|
|
changes to the configuration are also logged, so you can audit them.
|
|
* finally, the config file allows distinguishing between read-only and
|
|
read-write access, not only at the repository level, but at the branch
|
|
level within repositories.
|
|
|
|
<a name="_main_features"></a>
|
|
|
|
### main features
|
|
|
|
The most important feature I needed was **per-branch permissions**. This is
|
|
pretty much mandatory in a corporate environment, and is almost the single
|
|
reason I started *thinking* about writing gitolite.
|
|
|
|
It's not just "read-only" versus "read-write". Rewinding a branch (aka "non
|
|
fast forward push") is potentially dangerous, but sometimes needed. So is
|
|
deleting a branch (which is really just an extreme form of rewind). I needed
|
|
something in between allowing anyone to do it (the default) and disabling it
|
|
completely (`receive.denyNonFastForwards` or `receive.denyDeletes`).
|
|
|
|
Here're **some more features**. All of them, and more, are documented in
|
|
detail somewhere in gitolite's [doc/][docs] subdirectory.
|
|
|
|
* simple, yet powerful, config file syntax, including specifying
|
|
gitweb/daemon access. You'll need this power if you manage lots of
|
|
users+repos+combinations of access
|
|
* apart from branch-name based restrictions, you can also restrict by
|
|
file/dir name changed (i.e., output of `git diff --name-only`)
|
|
* if your requirements are still too complex, you can split up the config
|
|
file and delegate authority over parts of it
|
|
* easy to specify gitweb owner, description and gitweb/daemon access
|
|
* easy to sync gitweb (http) authorisation with gitolite's access config
|
|
* comprehensive logging [aka: management does not think "blame" is just a
|
|
synonym for "annotate" :-)]
|
|
* "personal namespace" prefix for each dev
|
|
* migration guide and simple converter for gitosis conf file
|
|
* "exclude" (or "deny") rights at the branch/tag level
|
|
* specify repos using patterns (patterns may include creator's name)
|
|
* define powerful operations on the server side, even github-like forking
|
|
|
|
<a name="_security"></a>
|
|
|
|
### security
|
|
|
|
Due to the environment in which this was created and the need it fills, I
|
|
consider this a "security" program, albeit a very modest one.
|
|
|
|
For the first person to find a security hole in it, defined as allowing a
|
|
normal user (not the gitolite admin) to read a repo, or write/rewind a ref,
|
|
that the config file says he shouldn't, and caused by a bug in *code* that is
|
|
in the "master" branch, (not in the other branches, or the configuration file
|
|
or in Unix, perl, shell, etc.)... well I can't afford 1000 USD rewards like
|
|
djb, so you'll have to settle for 5000 INR (Indian Rupees) as a "token" prize
|
|
:-)
|
|
|
|
However, there are a few optional features (which must be explicitly enabled
|
|
in the RC file) where I just haven't had the time to reason about security
|
|
thoroughly enough. Please read the comments in `conf/example.gitolite.rc` for
|
|
details, looking for the word "security".
|
|
|
|
----
|
|
|
|
<a name="_contact_and_license"></a>
|
|
|
|
### contact and license
|
|
|
|
Gitolite is released under GPL v2. See COPYING for details.
|
|
|
|
* author: sitaramc@gmail.com, sitaram@atc.tcs.com
|
|
* mailing list: gitolite@googlegroups.com
|
|
* list subscribe address : gitolite+subscribe@googlegroups.com
|
|
|
|
[transcript]: http://sitaramc.github.com/gitolite/doc/install-transcript.html
|
|
[install]: http://sitaramc.github.com/gitolite/doc/1-INSTALL.html
|
|
[admin]: http://sitaramc.github.com/gitolite/doc/2-admin.html
|
|
[migr]: http://sitaramc.github.com/gitolite/doc/migrate.html
|
|
[doc9gas]: http://sitaramc.github.com/gitolite/doc/gitolite-and-ssh.html
|
|
[doc6sts]: http://sitaramc.github.com/gitolite/doc/ssh-troubleshooting.html
|
|
[who]: http://sitaramc.github.com/gitolite/doc/who-uses-it.html
|
|
[tut]: http://sites.google.com/site/senawario/home/gitolite-tutorial
|
|
[docs]: http://sitaramc.github.com/gitolite
|