The /etc/repo_shell.cfg configuration file is straightforward:
- [core]
owner=repo
git_root=/var/lib/git
svn_root=/var/lib/svn/repositories
+ git_acl_file=/var/lib/git/.gitacls
The owner field denotes the user that owns all repositories. The git_root and
svn_root fields identify the path to the respective repositories. The latter
svnadmin create --fs-type fsfs <svn_root>/newreponame
git --git-dir <git_root>/newrepopath.git init --bare
+Please see the svncreate for an example helper script for subversion repository
+creation.
+
To use external viewers that directly interrogate the repository, the simplest
solution is to have those viewers run as another user belonging to the owner's
primary group. In this case, in the examples above, a umask of 027 is
activating svnperms.conf for branch-based commit control. These are suggestions
outside the scope of the repo_shell program itself.
-Access controls for git are envisioned to be incorporated into repo_shell. They
-aren't at this time, and any developer has read-write access to any git
-repository.
+Access controls for git repositories uses a feature built-into repo_shell. The
+/etc/repo_shell.cfg file lists a parameter git_acl_file, which should be set to
+the name of the git acl file. A recommended name is /var/lib/git/.gitacls, with
+permissions 0400. See git_acl.cfg.example for information on the format of this
+file, which is similar in concept, but different, than subversion's authz.conf
+file format.