git-shell default working directory

git-shell default working directory

[Greg Anders]

Hello,

I'm working on standing up a self-hosted git server. I'd like to keep my 
repositories under a dedicated directory, i.e. /srv/git, but I'd also 
like to be able to clone a repository using a simple syntax:

     git clone git@myserver:repo.git

as opposed to

     git clone git@myserver:/srv/git/repo.git

I've not yet found a way to get this to work without keeping the 
repositories in the git user's home folder. I've tried using a ~/.ssh/rc 
file to chdir into /srv/git and I've tried using the `command=` 
parameter in the authorized_keys file; however, both of these fail 
because `cd` is not recognized as a valid command by git-shell.

I suppose I could create symlinks from the repositories in /srv/git into 
/home/git, but I'm wondering if there's a cleaner way to do this?

Thanks,

Greg

Re: git-shell default working directory

[Andrei Rybak]

On 2020-02-26 01:48, Greg Anders wrote:
> Hello,

Hi Greg,

> I'm working on standing up a self-hosted git server. I'd like to keep my
> repositories under a dedicated directory, i.e. /srv/git, but I'd also
> like to be able to clone a repository using a simple syntax:
>
> git clone git@myserver:repo.git
>
> as opposed to
>
> git clone git@myserver:/srv/git/repo.git
>
> I've not yet found a way to get this to work without keeping the
> repositories in the git user's home folder.

Disclaimer: I'm not at all familiar with git server setup. Would it make sense
to change git user home directory to be the required dedicated directory?

> I've tried using a ~/.ssh/rc
> file to chdir into /srv/git and I've tried using the `command=`
> parameter in the authorized_keys file; however, both of these fail
> because `cd` is not recognized as a valid command by git-shell.
>
> I suppose I could create symlinks from the repositories in /srv/git into
> /home/git, but I'm wondering if there's a cleaner way to do this?
>
> Thanks,
>
> Greg 

Re: git-shell default working directory

[Jeff King]

On Wed, Feb 26, 2020 at 10:10:05AM +0100, Andrei Rybak wrote:

> > I've not yet found a way to get this to work without keeping the
> > repositories in the git user's home folder.
> 
> Disclaimer: I'm not at all familiar with git server setup. Would it make sense
> to change git user home directory to be the required dedicated directory?

Yeah, that's what I would suggest. git-shell does explicitly cd to
$HOME, so any chdir you do before then will be lost (though you could
perhaps just set $HOME in ~/.ssh/rc).

-Peff

Re: git-shell default working directory

[Junio C Hamano]

Jeff King <peff@peff.net> writes:

> On Wed, Feb 26, 2020 at 10:10:05AM +0100, Andrei Rybak wrote:
>
>> > I've not yet found a way to get this to work without keeping the
>> > repositories in the git user's home folder.
>> 
>> Disclaimer: I'm not at all familiar with git server setup. Would it make sense
>> to change git user home directory to be the required dedicated directory?
>
> Yeah, that's what I would suggest. git-shell does explicitly cd to
> $HOME, so any chdir you do before then will be lost (though you could
> perhaps just set $HOME in ~/.ssh/rc).

I didn't suggest it because the original request did not sound like
building a dedicated machine that is used only to push into without
interactive shell access.  If $HOME is moved to such a git centric
place, that would make it almost impossible to use the account for
shell interactive access, I would imagine, and if that is acceptable,
perhaps something like gitolite would fit the bill better?

Re: git-shell default working directory

[Jeff King]

On Wed, Feb 26, 2020 at 12:29:13PM -0800, Junio C Hamano wrote:

> Jeff King <peff@peff.net> writes:
> 
> > On Wed, Feb 26, 2020 at 10:10:05AM +0100, Andrei Rybak wrote:
> >
> >> > I've not yet found a way to get this to work without keeping the
> >> > repositories in the git user's home folder.
> >> 
> >> Disclaimer: I'm not at all familiar with git server setup. Would it make sense
> >> to change git user home directory to be the required dedicated directory?
> >
> > Yeah, that's what I would suggest. git-shell does explicitly cd to
> > $HOME, so any chdir you do before then will be lost (though you could
> > perhaps just set $HOME in ~/.ssh/rc).
> 
> I didn't suggest it because the original request did not sound like
> building a dedicated machine that is used only to push into without
> interactive shell access.  If $HOME is moved to such a git centric
> place, that would make it almost impossible to use the account for
> shell interactive access, I would imagine, and if that is acceptable,
> perhaps something like gitolite would fit the bill better?

I took the mention of /home/git to mean it was a dedicated "git" user.
But yeah, that would be an awful suggestion for a regular user. :)

And I second the notion of gitolite for a dedicated setup like this (I
haven't really used it much myself, but the design always seemed quite
sane to me).

I _do_ keep git repositories on a host accessible by my normal user.
It's a mild inconvenience to have to clone "git.peff.net:git/foo.git"
instead of just "git.peff.net:foo.git". We could allow a config or
environment variable to re-root a relative path given to upload-pack. As
long as it was clear this isn't a security feature (it's for people who
already have shell access, and could be overridden by an absolute path),
I think it would be OK.

-Peff

Re: git-shell default working directory

[Greg Anders]

Thanks for the replies everyone!

>Disclaimer: I'm not at all familiar with git server setup. Would it 
>make sense to change git user home directory to be the required 
>dedicated directory?      

I did think about this but that doesn't really solve the problem. The 
reason I'd like to use a dedicated directory for the repositories is so 
that I can separate the repos from the git user's home files (e.g.  
.profile, .ssh, etc.) I am also hosting an HTTP front end that reads the 
repos and I don't want to introduce a security risk by giving the web 
server access to the git user's home directory.

>Yeah, that's what I would suggest. git-shell does explicitly cd to
>$HOME, so any chdir you do before then will be lost (though you could
>perhaps just set $HOME in ~/.ssh/rc).

I did try ~/.ssh/rc, but when using git-shell it says `/bin/sh .ssh/rc: 
Unknown command` or something to that effect. I'm assuming this has to 
do with the fact that git-shell can only run a certain subset of 
commands (although according to the SSH docs, the rc file _should_ be 
executed _before_ switching to the user's $SHELL, so I'm not actually 
quite sure why this doesn't work).

>And I second the notion of gitolite for a dedicated setup like this (I
>haven't really used it much myself, but the design always seemed quite
>sane to me).

I'd actually never heard of gitolite before. It does look like a great 
piece of software, but I'm worried it might be overkill for me since I'm 
running just a single-user setup (i.e. me).

For now, I've just created symlinks from /srv/git into /home/git which 
allows cloning over SSH to work how I'd expect. I also created a 
interactive command under git-shell-commands/ that will create a new 
repository in /srv/git and also automatically generate the symlinks into 
/home/git. It feels a bit hacky, but it works!

Re: git-shell default working directory

[Greg Anders]

Just wanted to follow up one more time on this: I decided to give 
gitolite a look and am extremely impressed! It was quite easy to set up 
and does exactly what I want and quite a bit more!

Just wanted to provide a glowing recommendation for anyone else 
considering doing their own git hosting.

Greg