* git-shell default working directory
@ 2020-02-26 0:48 Greg Anders
2020-02-26 9:10 ` Andrei Rybak
0 siblings, 1 reply; 7+ messages in thread
From: Greg Anders @ 2020-02-26 0:48 UTC (permalink / raw)
To: git
Hello,
I'm working on standing up a self-hosted git server. I'd like to keep my
repositories under a dedicated directory, i.e. /srv/git, but I'd also
like to be able to clone a repository using a simple syntax:
git clone git@myserver:repo.git
as opposed to
git clone git@myserver:/srv/git/repo.git
I've not yet found a way to get this to work without keeping the
repositories in the git user's home folder. I've tried using a ~/.ssh/rc
file to chdir into /srv/git and I've tried using the `command=`
parameter in the authorized_keys file; however, both of these fail
because `cd` is not recognized as a valid command by git-shell.
I suppose I could create symlinks from the repositories in /srv/git into
/home/git, but I'm wondering if there's a cleaner way to do this?
Thanks,
Greg
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: git-shell default working directory
2020-02-26 0:48 git-shell default working directory Greg Anders
@ 2020-02-26 9:10 ` Andrei Rybak
2020-02-26 20:11 ` Jeff King
0 siblings, 1 reply; 7+ messages in thread
From: Andrei Rybak @ 2020-02-26 9:10 UTC (permalink / raw)
To: Greg Anders, git
On 2020-02-26 01:48, Greg Anders wrote:
> Hello,
Hi Greg,
> I'm working on standing up a self-hosted git server. I'd like to keep my
> repositories under a dedicated directory, i.e. /srv/git, but I'd also
> like to be able to clone a repository using a simple syntax:
>
> git clone git@myserver:repo.git
>
> as opposed to
>
> git clone git@myserver:/srv/git/repo.git
>
> I've not yet found a way to get this to work without keeping the
> repositories in the git user's home folder.
Disclaimer: I'm not at all familiar with git server setup. Would it make sense
to change git user home directory to be the required dedicated directory?
> I've tried using a ~/.ssh/rc
> file to chdir into /srv/git and I've tried using the `command=`
> parameter in the authorized_keys file; however, both of these fail
> because `cd` is not recognized as a valid command by git-shell.
>
> I suppose I could create symlinks from the repositories in /srv/git into
> /home/git, but I'm wondering if there's a cleaner way to do this?
>
> Thanks,
>
> Greg
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: git-shell default working directory
2020-02-26 9:10 ` Andrei Rybak
@ 2020-02-26 20:11 ` Jeff King
2020-02-26 20:29 ` Junio C Hamano
0 siblings, 1 reply; 7+ messages in thread
From: Jeff King @ 2020-02-26 20:11 UTC (permalink / raw)
To: Andrei Rybak; +Cc: Greg Anders, git
On Wed, Feb 26, 2020 at 10:10:05AM +0100, Andrei Rybak wrote:
> > I've not yet found a way to get this to work without keeping the
> > repositories in the git user's home folder.
>
> Disclaimer: I'm not at all familiar with git server setup. Would it make sense
> to change git user home directory to be the required dedicated directory?
Yeah, that's what I would suggest. git-shell does explicitly cd to
$HOME, so any chdir you do before then will be lost (though you could
perhaps just set $HOME in ~/.ssh/rc).
-Peff
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: git-shell default working directory
2020-02-26 20:11 ` Jeff King
@ 2020-02-26 20:29 ` Junio C Hamano
2020-02-26 20:39 ` Jeff King
0 siblings, 1 reply; 7+ messages in thread
From: Junio C Hamano @ 2020-02-26 20:29 UTC (permalink / raw)
To: Jeff King; +Cc: Andrei Rybak, Greg Anders, git
Jeff King <peff@peff.net> writes:
> On Wed, Feb 26, 2020 at 10:10:05AM +0100, Andrei Rybak wrote:
>
>> > I've not yet found a way to get this to work without keeping the
>> > repositories in the git user's home folder.
>>
>> Disclaimer: I'm not at all familiar with git server setup. Would it make sense
>> to change git user home directory to be the required dedicated directory?
>
> Yeah, that's what I would suggest. git-shell does explicitly cd to
> $HOME, so any chdir you do before then will be lost (though you could
> perhaps just set $HOME in ~/.ssh/rc).
I didn't suggest it because the original request did not sound like
building a dedicated machine that is used only to push into without
interactive shell access. If $HOME is moved to such a git centric
place, that would make it almost impossible to use the account for
shell interactive access, I would imagine, and if that is acceptable,
perhaps something like gitolite would fit the bill better?
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: git-shell default working directory
2020-02-26 20:29 ` Junio C Hamano
@ 2020-02-26 20:39 ` Jeff King
2020-02-27 21:57 ` Greg Anders
0 siblings, 1 reply; 7+ messages in thread
From: Jeff King @ 2020-02-26 20:39 UTC (permalink / raw)
To: Junio C Hamano; +Cc: Andrei Rybak, Greg Anders, git
On Wed, Feb 26, 2020 at 12:29:13PM -0800, Junio C Hamano wrote:
> Jeff King <peff@peff.net> writes:
>
> > On Wed, Feb 26, 2020 at 10:10:05AM +0100, Andrei Rybak wrote:
> >
> >> > I've not yet found a way to get this to work without keeping the
> >> > repositories in the git user's home folder.
> >>
> >> Disclaimer: I'm not at all familiar with git server setup. Would it make sense
> >> to change git user home directory to be the required dedicated directory?
> >
> > Yeah, that's what I would suggest. git-shell does explicitly cd to
> > $HOME, so any chdir you do before then will be lost (though you could
> > perhaps just set $HOME in ~/.ssh/rc).
>
> I didn't suggest it because the original request did not sound like
> building a dedicated machine that is used only to push into without
> interactive shell access. If $HOME is moved to such a git centric
> place, that would make it almost impossible to use the account for
> shell interactive access, I would imagine, and if that is acceptable,
> perhaps something like gitolite would fit the bill better?
I took the mention of /home/git to mean it was a dedicated "git" user.
But yeah, that would be an awful suggestion for a regular user. :)
And I second the notion of gitolite for a dedicated setup like this (I
haven't really used it much myself, but the design always seemed quite
sane to me).
I _do_ keep git repositories on a host accessible by my normal user.
It's a mild inconvenience to have to clone "git.peff.net:git/foo.git"
instead of just "git.peff.net:foo.git". We could allow a config or
environment variable to re-root a relative path given to upload-pack. As
long as it was clear this isn't a security feature (it's for people who
already have shell access, and could be overridden by an absolute path),
I think it would be OK.
-Peff
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: git-shell default working directory
2020-02-26 20:39 ` Jeff King
@ 2020-02-27 21:57 ` Greg Anders
2020-02-28 20:40 ` Greg Anders
0 siblings, 1 reply; 7+ messages in thread
From: Greg Anders @ 2020-02-27 21:57 UTC (permalink / raw)
To: Jeff King; +Cc: Junio C Hamano, Andrei Rybak, git
Thanks for the replies everyone!
>Disclaimer: I'm not at all familiar with git server setup. Would it
>make sense to change git user home directory to be the required
>dedicated directory?
I did think about this but that doesn't really solve the problem. The
reason I'd like to use a dedicated directory for the repositories is so
that I can separate the repos from the git user's home files (e.g.
.profile, .ssh, etc.) I am also hosting an HTTP front end that reads the
repos and I don't want to introduce a security risk by giving the web
server access to the git user's home directory.
>Yeah, that's what I would suggest. git-shell does explicitly cd to
>$HOME, so any chdir you do before then will be lost (though you could
>perhaps just set $HOME in ~/.ssh/rc).
I did try ~/.ssh/rc, but when using git-shell it says `/bin/sh .ssh/rc:
Unknown command` or something to that effect. I'm assuming this has to
do with the fact that git-shell can only run a certain subset of
commands (although according to the SSH docs, the rc file _should_ be
executed _before_ switching to the user's $SHELL, so I'm not actually
quite sure why this doesn't work).
>And I second the notion of gitolite for a dedicated setup like this (I
>haven't really used it much myself, but the design always seemed quite
>sane to me).
I'd actually never heard of gitolite before. It does look like a great
piece of software, but I'm worried it might be overkill for me since I'm
running just a single-user setup (i.e. me).
For now, I've just created symlinks from /srv/git into /home/git which
allows cloning over SSH to work how I'd expect. I also created a
interactive command under git-shell-commands/ that will create a new
repository in /srv/git and also automatically generate the symlinks into
/home/git. It feels a bit hacky, but it works!
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: git-shell default working directory
2020-02-27 21:57 ` Greg Anders
@ 2020-02-28 20:40 ` Greg Anders
0 siblings, 0 replies; 7+ messages in thread
From: Greg Anders @ 2020-02-28 20:40 UTC (permalink / raw)
To: git; +Cc: Junio C Hamano, Andrei Rybak, Jeff King
Just wanted to follow up one more time on this: I decided to give
gitolite a look and am extremely impressed! It was quite easy to set up
and does exactly what I want and quite a bit more!
Just wanted to provide a glowing recommendation for anyone else
considering doing their own git hosting.
Greg
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2020-02-28 20:40 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-02-26 0:48 git-shell default working directory Greg Anders
2020-02-26 9:10 ` Andrei Rybak
2020-02-26 20:11 ` Jeff King
2020-02-26 20:29 ` Junio C Hamano
2020-02-26 20:39 ` Jeff King
2020-02-27 21:57 ` Greg Anders
2020-02-28 20:40 ` Greg Anders
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).