Tag Archives: gitosis

Using Git without Shell Access

If you host a Git repository, the people who need access to it should normally not get shell access to the server. So far many people have used gitosis to achieve this. Now there is a “new kid on the block”, called gitolite. I have not really used it in practice so far, but the added functionality looks promising and I also like the fact that it’s written in Perl. There is also a chapter about it in the Pro Git book.

Scripts for gitosis

gitosis is a nice program for hosting git repositories without having to give users regular shell access. It uses SSH under the covers and basically acts as a special shell, so that access is limited to git. There are a number of nice tutorials available that explain how to make things work. I particularly liked this one. However, there are a lot of manual steps involved and a lot of errors can happen. I have therefore spent some time and started writing a few shell scripts that provide a more comfortable interface. At the moment the following scripts exist:

  • gitosis-init.sh : Initializes gitosis and “installs” a regular user (not git or gitosis) for further admin work. This needs to be executed locally on the machine that runs gitosis. In order to avoid password hassle, it is recommended to run it as root. Alternatively you can run it as the gitosis user. However, this mode has not been tested well so far. Any feedback is highly welcome.
  • gitosis-add-repo.sh : Puts an existing local git repository into a remote gitosis repository.

The following scripts are currently planned for the future (other ideas are welcome!):

  • Add user to gitosis (copy SSH public key over)
  • Add user to repo (read/write access)

Download: gitosis-scripts.tgz

Please note that the scripts were written on Debian Lenny (v5) and so far only tested on this system. For more detailed instructions please check out the man pages (also included in the scripts).

[Update 2010-01-03: You may also want to check on gitolite, which is a gitosis rewrite in Perl with far more granular access control.]
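
The “special shell” idea described above can be shown with an SSH forced command. This is an added sketch, not code from gitosis or from the scripts offered here: the wrapper name `git-only`, the function `validate_git_command`, the `GIT_BASE` variable and the repository root are assumptions, and the per-user, per-repository permission checks that gitosis performs are left out.

```shell
#!/bin/sh
# Added illustration: an SSH forced command that permits only git transport.
# Assumed authorized_keys entry (wrapper path and key are placeholders):
#   command="/usr/local/bin/git-only",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAA...
# sshd then runs the wrapper instead of a login shell and hands over what the
# client asked for in the SSH_ORIGINAL_COMMAND environment variable.
LC_ALL=C; export LC_ALL   # keep the character ranges below byte-exact

# validate_git_command "<original command>"
# Prints "<verb> <repo>" and returns 0 only for a git transport verb followed
# by exactly one quoted, relative repository path; returns 1 otherwise.
validate_git_command() {
    cmd=$1
    case $cmd in
        "git-upload-pack '"*"'"|"git upload-pack '"*"'")   verb=git-upload-pack ;;
        "git-receive-pack '"*"'"|"git receive-pack '"*"'") verb=git-receive-pack ;;
        *) return 1 ;;   # empty (interactive login), scp, any other command
    esac
    repo=${cmd#*\'}      # drop everything up to the opening quote
    repo=${repo%\'}      # drop the closing quote
    case $repo in
        ''|/*|-*|*..*)      return 1 ;;  # empty, absolute, option-like, traversal
        *[!A-Za-z0-9._/-]*) return 1 ;;  # quotes, spaces, separators, newlines
    esac
    printf '%s %s\n' "$verb" "$repo"
}

# Entry point when installed under the assumed name; skipped when sourced.
if [ "${0##*/}" = "git-only" ]; then
    validated=$(validate_git_command "${SSH_ORIGINAL_COMMAND:-}") || {
        echo "git access only; shell access is disabled" >&2
        exit 1
    }
    set -- $validated    # safe to split: the charset above excludes glob characters
    cd "${GIT_BASE:-$HOME/repositories}" || exit 1   # assumed repository root
    exec "$1" "$2"       # assumes git-upload-pack / git-receive-pack are in PATH
fi
```

A plain `ssh` login arrives with an empty `SSH_ORIGINAL_COMMAND` and is refused, which is what “no shell access” means in practice.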