= Configure /etc/repo_shell.cfg
-The file /etc/repo_shell.cfg must contain certain fields:
+The file /etc/repo_shell.cfg must contain certain fields as shown in the example
+below. The spaces surrounding the equal sign ('=') are optional.
- owner=repo
- svn_root=/var/lib/svn/repositories
- git_root=/var/lib/git
- git_acl_file=/var/lib/git/.gitacls
+ owner = repo
+ svn_root = /var/lib/svn/repositories
+ git_root = /var/lib/git
+ git_acl_file = /var/lib/git/.gitacls
+ allowed_interactive =
owner is the system account username which will own all repositories, and is
preferaby a system account used for no other purpose. Use the adduser or
repository access, as implemented internally bit repo_shell. A recommended
pathname is /var/lib/git/.gitacls
+allow_interactive contains a list of users that may log into the server via SSH,
+or that may issue arbitrary commands to the server via SSH. Instead of a list,
+the wildcard character '*' can be used to indicate all users. Note that this
+only affects users that have /usr/local/bin/repo_shell as their login shell.
+If the server is only hosting repositories, there is no reason for users to be
+allowed 'interactive' access.
+
= Create owner and paths
-In accordance with the contents of /etc/repo_shell.cfg:
+In accordance with the settings in /etc/repo_shell.conf:
- adduser --system --group repo --home /var/lib/svn \
- --shell /usr/local/bin/repo_shell repo
- sudo install -d -o repo -g repo -m 0755 /var/lib/svn/repositories
- sudo install -d -o repo -g repo -m 0755 /var/lib/git
+ adduser --system --group <owner> --home /var/lib/svn \
+ --shell /usr/local/bin/repo_shell <owner>
+ sudo install -d -o <owner> -g <owner> -m 0755 <svn_root>
+ sudo install -d -o <owner> -g <owner> -m 0755 <git_root>
= Configure subversion repository ACLs