owner = repo
svn_root = /var/lib/svn/repositories
git_root = /var/lib/git
- git_acl_file = /var/lib/git/.gitacls
allowed_interactive =
owner is the system account username which will own all repositories, and is
svn_root and git_root are self-explanatory, being the longest filesystem path
shared by repositories of that type, e.g. their shared root directory.
-git_acl_file is the pathname of a file providing ACL information for git
-repository access, as implemented internally bit repo_shell. A recommended
-pathname is /var/lib/git/.gitacls
-
allow_interactive contains a list of users that may log into the server via SSH,
or that may issue arbitrary commands to the server via SSH. Instead of a list,
the wildcard character '*' can be used to indicate all users. Note that this
If the server is only hosting repositories, there is no reason for users to be
allowed 'interactive' access.
+== allowed_interactive and sudo ==
+
+For users that use repo_shell as a login shell and that also need to run
+commands via sudo as other users, those other users must also be listed in the
+allowed_interactive user list. Otherwise, sudo functionality is effectively
+disabled for such users.
+
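Review bot: The new "allowed_interactive and sudo" section tells admins to add sudo target accounts to allowed_interactive, but it does not mention that, by the definition a few lines above, every listed account may also log in via SSH or issue arbitrary commands. Please say that in the section, and advise listing only the specific target accounts that are needed rather than switching to '*'. Also, the unchanged paragraph above calls the setting "allow_interactive", while the sample config and this new heading use "allowed_interactive". Since this patch builds on that paragraph, correct the name here so readers do not set a key the program ignores.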
= Create owner and paths
In accordance with the settings in /etc/repo_shell.conf:
- adduser --system --group <owner> --home /var/lib/svn \
- --shell /usr/local/bin/repo_shell <owner>
- sudo install -d -o <owner> -g <owner> -m 0755 <svn_root>
- sudo install -d -o <owner> -g <owner> -m 0755 <git_root>
+ sudo adduser --system --group <owner> --home /var/lib/svn \
+ --shell /bin/false <owner>
+ sudo install -d -o <owner> -g <owner> -m 0750 <svn_root>/..
+ sudo install -d -o <owner> -g <owner> -m 0750 <svn_root>
+ sudo install -d -o <owner> -g <owner> -m 0750 <git_root>
= Configure subversion repository ACLs
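Review bot: The added line "sudo install -d -o <owner> -g <owner> -m 0750 <svn_root>/.." only lines up with the hard-coded "--home /var/lib/svn" on the adduser line when svn_root keeps the sample value /var/lib/svn/repositories. With any other svn_root, the home directory and the directory being tightened to 0750 diverge. Suggest naming the home directory explicitly in both commands, or stating that it must be the parent of svn_root. While touching the adduser line, note that it still reads "--group <owner> ... <owner>": Debian's adduser takes --group as a flag with no argument, so the first <owner> looks like a leftover. It would also help to state who is expected to reach the repositories after the change from 0755 to 0750, since other local accounts lose read and traverse access.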
= Configure git repository ACLs
-Git repository access control is managed by the git acl file, nominally located
-at {git_root}/.gitacls. This file has a format similar but not exactly like
-Subversion's authz file. The file defines one of three levels of access for
-various combinations of users and repositories, then compared to the git command
-arriving via SSH to determine if the access will be allowed. Please see
-README.gitacls for more information.
+Git repository access control is managed by the git acl file, located at
+{git_root}/.gitacls (git_root is defined in /etc/repo_shell.conf). This file
+has a format similar but not exactly like Subversion's authz file. The file
+defines one of three levels of access for various combinations of users and
+repositories, then compared to the git command arriving via SSH to determine if
+the access will be allowed. Please see README.gitacls for more information.
= Create a subversion repository
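Review bot: The rewritten paragraph fixes the ACL file at {git_root}/.gitacls, and the earlier hunk drops git_acl_file from the documented config. Nothing tells an admin with an existing git_acl_file entry pointing elsewhere what happens on upgrade. Please add a sentence saying whether the old key is ignored or rejected, and that the file must be moved to {git_root}/.gitacls. Since the ACL file now always sits in the same directory tree as the repositories it protects, the paragraph should also state the expected owner and mode of .gitacls, as the patch already does for the directories (0750).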
sudo -u repo gitcreate mirrors/tinyos/tinyos-main.git
+If a subdirectory path being requested doesn't already exist, the script will
+ask the operator if it is OK to create it. To automatically create non-existent
+subdirectory paths, add the -y option:
+
+ sudo -u repo gitcreate -y mirrors/tinyos/tinyos-main.git
+
= Configuring user accounts
Each user to access repositories via client side tools need an account on the
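Review bot: The -y paragraph does not say which owner and mode the automatically created subdirectories get. This patch tightens svn_root and git_root to 0750, so the text at "To automatically create non-existent subdirectory paths, add the -y option" should state that intermediate directories are created with the same ownership and mode, or tell the operator to check them afterwards. It is also worth noting that -y removes the only confirmation step, so a mistyped path silently creates a new directory tree.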