2

I have a lot of git repositories on my linux (ubuntu) server. I access all of them with the Apache user www-data. This worked great in the past because I was the only web developer. Now I have more developers and I need to restrict their access to some repositories. How do I modify my server/permissions/git repositories to accomodate this?

Let me show you the current process I go through to set up a repository.

To set up a new repository for the project project on myserver.com, I issue the following commands from terminal:

ssh [email protected] password: (password for www-data) cd /var/lib/repositories/ mkdir project.git cd project.git git init --bare git update-server-info cd /var/www/git.myserver.com/ ln -s /var/lib/repositories/project.git project

To deploy the project to the url http://project.myserver.com, I issue the following commands from terminal:

ssh [email protected] password: (password for project) cd /var/www/project.myserver.com/public_html/ git init git remote add origin http://[email protected]/project git pull origin master password: (password for www-data)

The user project needs to know the password for www-data to push and pull from the git repository.

How do I modify my server/permissions/gitrepositories so that I can push and pull as project instead of www-data?

Additional Notes

Here's what the vhost entry for git.myserver.com looks like

<VirtualHost 173.255.230.136:80> ServerAdmin [email protected] ServerName git.myserver.com DocumentRoot /var/www/git.myserver.com/public_html/ ErrorLog /var/www/git.myserver.com/logs/error.log CustomLog /var/www/git.myserver.com/logs/access.log combined </VirtualHost>

The directory /var/lib/git is owned by the www-data user. This way, apache can write to the repos via the symbolic link in /var/www/git.myserver.com/public_html/project via the url http://[email protected]/project

Improve this question
2
  • What's the web server's configuration look like for the git.myserver.com host? And why are you logging on as www-data? Commented Jan 7, 2012 at 6:14
  • Hi Shane, I answered your question in the additional notes. Commented Jan 7, 2012 at 15:16

1 Answer 1

Reset to default
0

First I would have created a separate user for the git login. However that aside, probably the easiest way to manage this is to use something like gitosis which is a simple setup that allows you to do authenticated git access with granular permissions.

This will allow you to give people:

No access, read only, read write. Etc

http://scie.nti.st/2007/11/14/hosting-git-repositories-the-easy-and-secure-way

N.B. just checked the developers site and there are more features in this. Worth looking at for sure https://github.com/sitaramc/gitolite/

Improve this answer
2
  • I have gitosis installed. What I'm afraid about is I don't understand the git clone command. I've been making new directories and using git init --bare to create new repositories. What are the consequences when I use git clone? And how do I convert existing repositories into a state that appears to have been git-clone? Commented Jan 7, 2012 at 15:22
  • When you use git clone you copy the repository from the remote. So you'd want to use clone on existing repositories. git init is for creating new repositories which you then have to add the remote to. If you have existing repositories you should use git clone as init will not be using the existing repo it will be generating a new configuration in your current working directory. Commented Jan 9, 2012 at 17:49

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.