owner = repo
svn_root = /var/lib/svn/repositories
git_root = /var/lib/git
- git_acl_file = /var/lib/git/.gitacls
allowed_interactive =
owner is the system account username which will own all repositories, and is
svn_root and git_root are self-explanatory, being the longest filesystem path
shared by repositories of that type, e.g. their shared root directory.
-git_acl_file is the pathname of a file providing ACL information for git
-repository access, as implemented internally bit repo_shell. A recommended
-pathname is /var/lib/git/.gitacls
-
allow_interactive contains a list of users that may log into the server via SSH,
or that may issue arbitrary commands to the server via SSH. Instead of a list,
the wildcard character '*' can be used to indicate all users. Note that this
= Configure git repository ACLs
-Git repository access control is managed by the git acl file, nominally located
-at {git_root}/.gitacls. This file has a format similar but not exactly like
-Subversion's authz file. The file defines one of three levels of access for
-various combinations of users and repositories, then compared to the git command
-arriving via SSH to determine if the access will be allowed. Please see
-README.gitacls for more information.
+Git repository access control is managed by the git acl file, located at
+{git_root}/.gitacls (git_root is defined in /etc/repo_shell.conf). This file
+has a format similar but not exactly like Subversion's authz file. The file
+defines one of three levels of access for various combinations of users and
+repositories, then compared to the git command arriving via SSH to determine if
+the access will be allowed. Please see README.gitacls for more information.
= Create a subversion repository
-Git ACLs are defined in the git_acl_file, whose location is defined within the
-/etc/repo_shell.conf configuration file. This file is similar in passing to the
-Subversion authz.conf file format as defined in
-http://svnbook.red-bean.com/en/1.7/svn.serverconfig.pathbasedauthz.html.
+Git ACLs are defined in the .gitacls file, which must exist in the {git_root}
+directory specified in the /etc/repo_shell.conf file.
The file has three section types:
Note that while the last example above is valid, it seems an unlikely use
case where one would want to define access permissions to a repsitory based
- upo the first letter of the username.
+ upon the first letter of the username.
#define CFG_FILE "/etc/repo_shell.conf"
#define SHELL "/bin/bash"
+#define GIT_ACL_FILE ".gitacls"
typedef struct {
char *user;
return narg;
}
-static char *add_prefix(char *prefix, char* arg)
+static char *add_prefix(const char *prefix, const char* arg)
{
- char *narg = arg;
+ char *narg;
int i;
if (arg && prefix && (i = strlen(prefix))) {
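Review bot: `char *narg;` is now uninitialized, so every path that skips the `if (arg && prefix && (i = strlen(prefix)))` body has to assign it before the function returns; the removed initializer `= arg` used to cover a NULL or empty prefix. The rest of add_prefix lies outside this hunk, so that may already be handled there. If it is not, an empty `git_root` value in the config would presumably hand an indeterminate pointer back to the caller that stores it as the ACL file path. Because `arg` is now `const char *`, the old fallback cannot simply be restored; `char *narg = NULL;`, with callers treating NULL as a configuration error, would be the safer default.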
if (!strcmp(name, "svn_root"))
pconfig->svn_root = xstrdup(value);
- else if (!strcmp(name, "git_root"))
+ else if (!strcmp(name, "git_root")) {
pconfig->git_root = xstrdup(value);
- else if (!strcmp(name, "owner"))
+ pconfig->git_acl_file = add_prefix(value, GIT_ACL_FILE);
+ } else if (!strcmp(name, "owner"))
pconfig->owner = xstrdup(value);
- else if (!strcmp(name, "git_acl_file"))
- pconfig->git_acl_file = xstrdup(value);
else if (!strcmp(name, "allow_interactive"))
pconfig->allow_interactive = str_has_word(value, pconfig->user);
else
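Review bot: The ACL path is now built by `add_prefix(value, GIT_ACL_FILE)`, and whether that produces `{git_root}/.gitacls` depends on add_prefix inserting a `/`; its body is not visible here, and the documented `git_root = /var/lib/git` has no trailing slash. That is worth confirming, because a wrongly joined path means the ACL file is never found. Existing configurations that still carry a `git_acl_file` line now fall through to the final `else`, whose body is outside this hunk. If that branch ignores unknown keys, an administrator's custom ACL location is dropped without notice, so an explicit deprecation message for that key would help, along with a comment on the new branch such as `/* ACL file is fixed at {git_root}/.gitacls; git_acl_file is no longer read */`.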
# gitcreate is part of the repo_shell distribution.
eval $(sed -e 's| ||g' < /etc/repo_shell.conf)
-if [ -z "$owner" -o -z "$git_root" -o -z "$git_acl_file" ]; then
+if [ -z "$owner" -o -z "$git_root" ]; then
echo "$0: please configure /etc/repo_shell.conf"
fi
+gitacls="$git_root/.gitacls"
if [ "$(whoami)" != "$owner" ]; then
echo "$0: must run as user $owner" >&2
git --git-dir "$git_root/$1" init --bare
[ $? -ne 0 ] && exit 1
-echo "Repository created.
-Be sure to edit $git_acl_file to allow user access, if needed."
+[ -f "$gitacls" ] && echo "Check $gitacls for proper access permissions"
+echo "Repository created."
+[ ! -f "$gitacls" ] && echo "WARNING: $gitacls DOES NOT EXIST!"
exit 0
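Review bot: The new `WARNING: $gitacls DOES NOT EXIST!` line goes to stdout and the script still ends with `exit 0`, so a caller cannot tell that the repository was created without an ACL file. Sending it to stderr, as the `must run as user` message does, would make it visible: `[ ! -f "$gitacls" ] && echo "WARNING: $gitacls DOES NOT EXIST!" >&2`. What repo_shell does when the file is absent is not shown on this page, and the warning would be more useful if it said whether access is then denied or allowed. Because `.gitacls` now lives in the same directory where `$git_root/$1` creates repositories, it may also be worth rejecting a repository name equal to `.gitacls` before the `git init` call.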