| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107 |
- git-shell(1)
- ============
- NAME
- ----
- git-shell - Restricted login shell for Git-only SSH access
- SYNOPSIS
- --------
- [verse]
- 'chsh' -s $(command -v git-shell) <user>
- 'git clone' <user>`@localhost:/path/to/repo.git`
- 'ssh' <user>`@localhost`
- DESCRIPTION
- -----------
- This is a login shell for SSH accounts to provide restricted Git access.
- It permits execution only of server-side Git commands implementing the
- pull/push functionality, plus custom commands present in a subdirectory
- named `git-shell-commands` in the user's home directory.
- COMMANDS
- --------
- 'git shell' accepts the following commands after the `-c` option:
- 'git receive-pack <argument>'::
- 'git upload-pack <argument>'::
- 'git upload-archive <argument>'::
- Call the corresponding server-side command to support
- the client's 'git push', 'git fetch', or 'git archive --remote'
- request.
- 'cvs server'::
- Imitate a CVS server. See linkgit:git-cvsserver[1].
- If a `~/git-shell-commands` directory is present, 'git shell' will
- also handle other, custom commands by running
- "`git-shell-commands/<command> <arguments>`" from the user's home
- directory.
- INTERACTIVE USE
- ---------------
- By default, the commands above can be executed only with the `-c`
- option; the shell is not interactive.
- If a `~/git-shell-commands` directory is present, 'git shell'
- can also be run interactively (with no arguments). If a `help`
- command is present in the `git-shell-commands` directory, it is
- run to provide the user with an overview of allowed actions. Then a
- "git> " prompt is presented at which one can enter any of the
- commands from the `git-shell-commands` directory, or `exit` to close
- the connection.
- Generally this mode is used as an administrative interface to allow
- users to list repositories they have access to, create, delete, or
- rename repositories, or change repository descriptions and
- permissions.
- If a `no-interactive-login` command exists, then it is run and the
- interactive shell is aborted.
- EXAMPLES
- --------
- To disable interactive logins, displaying a greeting instead:
- ----------------
- $ chsh -s /usr/bin/git-shell
- $ mkdir $HOME/git-shell-commands
- $ cat >$HOME/git-shell-commands/no-interactive-login <<\EOF
- #!/bin/sh
- printf '%s\n' "Hi $USER! You've successfully authenticated, but I do not"
- printf '%s\n' "provide interactive shell access."
- exit 128
- EOF
- $ chmod +x $HOME/git-shell-commands/no-interactive-login
- ----------------
- To enable git-cvsserver access (which should generally have the
- `no-interactive-login` example above as a prerequisite, as creating
- the git-shell-commands directory allows interactive logins):
- ----------------
- $ cat >$HOME/git-shell-commands/cvs <<\EOF
- if ! test $# = 1 && test "$1" = "server"
- then
- echo >&2 "git-cvsserver only handles \"server\""
- exit 1
- fi
- exec git cvsserver server
- EOF
- $ chmod +x $HOME/git-shell-commands/cvs
- ----------------
- SEE ALSO
- --------
- ssh(1),
- linkgit:git-daemon[1],
- contrib/git-shell-commands/README
- GIT
- ---
- Part of the linkgit:git[1] suite
|
