In a collaborative development environment, such as a company that wants its customers to be able to consult the code as it is developed, we often want to control both read and write access to our code repositories. In the Git world, gitosis offers an easier way to set up these controls.
Gitosis is a tool for controlling access to Git repositories: it can grant read and write access, or deny access of any kind. This is very useful when, as in our case, we give a client access to an application's code while it is being developed (read-only access to that project, and no access to any other project's repository). Gitosis manages multiple repositories with a single server user account, using SSH keys to identify users. Users therefore do not need an account of their own on the server, and the access control is completely transparent to them.
Enough talk, let's go to the party!
Note: All examples that you see below are made with Ubuntu and a Debian server, but I think that it's useful for any Linux distribution. Gitosis is written in Python, so it will be necessary to have it installed on your system, in addition to the
First of all, you have to download and install gitosis on your server. Gitosis itself is managed with Git, so downloading it is as simple as:
git clone git://eagain.net/gitosis.git
After the download, let's do the installation:
cd gitosis
python setup.py install
After this, we must create a user account on the server to handle the whole thing: name git and home directory
sudo adduser --system --shell /bin/sh --gecos 'git version control' --group --disabled-password --home /home/git git
To continue the installation you need an SSH key pair on the computer where you develop your projects. If you do not have one, create it on that machine:
ssh-keygen -t rsa
The public key will be in $HOME/.ssh/id_rsa.pub. Copy this file to the server where you installed gitosis (e.g. to /tmp). Then execute this command on the server:
sudo -H -u git gitosis-init < /tmp/id_rsa.pub
This initializes gitosis with your key. If it has gone well, you should get the following message on the screen:
Initialized empty Git repository in ./
Initialized empty Git repository in ./
Before finishing the tasks on the server, we change the permissions on a hook to prevent some problems:
sudo chmod 755 /home/git/repositories/gitosis-admin.git/hooks/post-update
Once done, we will have completed the tasks on the server. Then open a terminal on your development computer and execute:
git clone git@YOUR_SERVER:gitosis-admin.git
cd gitosis-admin
Now we have everything we need to work with gitosis, create new repositories for our projects and add new users. We make changes in the configuration file, commit and push them, and then gitosis, as if by magic, creates the new repository, modifies the permissions, etc., transparently and effortlessly.
We will see examples of both: creating repositories and adding new users.
Create new repositories
Before you begin, go to the directory where we cloned gitosis and take a look at the default configuration file,
[gitosis]

[group gitosis-admin]
writable = gitosis-admin
members = ramon@ramon-laptop
The members line is a combination of your user name and the name of your machine (hostname). It seems easy to see how to create new repositories, right? Then let's get to work.
To create a new repository, we just need to give write permission and make an initial push. We start by writing this in our configuration file:
[group big_project_team]
members = ramon@ramon-laptop
writable = big_project
We have just defined a new group called "big_project_team" (it's only an identifying name), with one member who has write permission to the repository "big_project".
At this point, you must save the changes, commit and push:
git commit -a -m "Allow ramon write access to big_project"
git push
This only gives write permission; the repository has not yet been created on the server. What you need to do is create it locally and make a push:
mkdir big_project
cd big_project
git init
git remote add origin git@YOUR_SERVER:big_project.git
# make some changes in files and then git add and commit
git push origin master:refs/heads/master
Once the push is finished, the repository will be created automatically on the server and we can start using it as if it were a normal repository.
Adding new users
Finally, let's see how we can add new users to projects/repositories and give them different access levels.
We want to add a user, and we assume that we have her public key (e.g. marta.pub, with the name marta@laptop). Then just add the key to gitosis and set up access:
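cd gitosis-admin
# gitosis takes the user name from the key file name (without .pub),
# so store the key under the member name used in gitosis.conf
cp /tmp/marta.pub keydir/marta@laptop.pub
git add keydir/marta@laptop.pub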
Now we need to give access, for example, to the project we created in the previous section. Open the gitosis.conf file and modify the relevant section:
[group big_project_team]
members = ramon@ramon-laptop marta@laptop
writable = big_project
Once done, we just need to commit and push:
git commit -a -m "Allow Marta write access to big_project"
git push
And then, she will be able to clone the repository from her machine by running the command:
git clone git@YOUR_SERVER:big_project.git
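Because every push to gitosis-admin changes who can reach which repository, it is worth reviewing the effective permissions before pushing. The following Python script is an added example, not part of the original post or of gitosis itself: it resolves a gitosis.conf into per-repository rights and reports member names with no matching key file in keydir/ and key files that no group refers to. It relies on gitosis naming a user after the key file (keydir/NAME.pub gives NAME); the sample configuration is constructed, and its readonly group, client@office and old-contractor are hypothetical additions to the post's setup.

```python
import configparser
from pathlib import PurePosixPath

def audit_gitosis(conf_text, keydir_files):
    """Return (access, problems): effective rights per repo, key/member mismatches."""
    conf = configparser.ConfigParser(interpolation=None)
    conf.read_string(conf_text)
    # gitosis names a user after the key file: keydir/NAME.pub -> NAME
    keyed = {PurePosixPath(f).stem for f in keydir_files if f.endswith(".pub")}
    access, referenced = {}, set()
    for section in conf.sections():
        if not section.startswith("group "):
            continue  # e.g. the [gitosis] section carries no permissions
        group = conf[section]
        members = group.get("members", fallback="").split()
        referenced.update(members)
        for level, option in (("read", "readonly"), ("write", "writable")):
            for repo in group.get(option, fallback="").split():
                rights = access.setdefault(repo, {})
                for user in members:
                    # write always wins over read, whatever the group order
                    if level == "write" or user not in rights:
                        rights[user] = level
    problems = [f"member '{m}' has no keydir/{m}.pub"
                for m in sorted(referenced - keyed)]
    problems += [f"key '{k}.pub' is in keydir but in no group"
                 for k in sorted(keyed - referenced)]
    return access, problems

# Constructed sample: the post's groups plus a hypothetical read-only client group
SAMPLE_CONF = """\
[gitosis]
[group gitosis-admin]
writable = gitosis-admin
members = ramon@ramon-laptop

[group big_project_team]
members = ramon@ramon-laptop marta@laptop
writable = big_project

[group big_project_client]
members = client@office marta@laptop
readonly = big_project
"""
SAMPLE_KEYDIR = ["ramon@ramon-laptop.pub", "marta.pub",
                 "client@office.pub", "old-contractor.pub"]

if __name__ == "__main__":
    print(audit_gitosis(SAMPLE_CONF, SAMPLE_KEYDIR))
```

In the sample, the key stored as marta.pub does not match the member name marta@laptop, so both sides of the mismatch are reported, along with the leftover old-contractor key.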
At this point, I can only say "try" and if you have any doubt or question, leave a comment. At the time I relied on this article to learn how to configure it and I followed it for making this post.