Using Gitosis

Gitosis is a light-weight program that allows you to easily automate the running of a git server. It controls whatever git repositories you want (you can add as many as you want), and controls who can clone which repositories and who can push to them as well.

The gitosis administration is conveniently managed by git itself. Changes to gitosis (such as giving a new user access or adding a new repository) are made by editing the gitosis configuration files and then doing a git push to the gitosis repository to update the configuration.

If you haven't already, make sure you know how to use git. Here is my tutorial page on using git.

This tutorial assumes that gitosis is already set up on your server. I'm going to assume that your user name for the gitosis server is merzberg and the server address is git.hpc.ufl.edu, which are the correct settings for the Roitberg/Merz joint gitosis user on the UF git server.

Cloning the gitosis administration repository

All of the gitosis administration is done in a dedicated git repository for this purpose. I think, by default, this repository is called gitosis-admin. So we have to use the command:

git clone merzberg@git.hpc.ufl.edu:gitosis-admin.git

This should create a gitosis-admin/ directory with a gitosis.conf file and a keydir/ directory. gitosis.conf contains a list of all of the repositories along with who is allowed to access them. In a brand new gitosis repository, the gitosis.conf file will resemble this:

[gitosis]

[group gitosis-admin]
writable = gitosis-admin
members = swails roberts

This says that there is one group, gitosis-admin, and its members can write to the gitosis-admin repository. In this case, swails and roberts are gitosis administrators and can modify this repository. In order to define users swails and roberts, these users must have public keys in the keydir/ folder named swails.pub and roberts.pub. They will only be recognized if they log in from a computer that has the private key matching this public key.

Filling the new repository

So you've already created the repository in gitosis, but now you want to fill it with the actual repository (for example, ScriptDevel). In this case, you need to create a new repository, if you don't already have one, using git init (see the git tutorial for more details).

Then, you should add this server as a remote (see the git tutorial for more details):

git remote add ufhpc merzberg@git.hpc.ufl.edu:ScriptDevel.git

Then, you should push your repository to this location (as a general rule, be on the master branch for this):

git push ufhpc master

Now your repository exists on your git server! If you want to set your master branch up to track this new repository you just created (so that any git push or git pull command will connect with this repository), use the command

git branch --set-upstream master ufhpc/master

(Note, this will not work with git versions 1.5.x and older).

Adding a New Repository

To add a new repository, you need to add a new group that can write to that repository, then assign members to the group. To do this, modify the gitosis.conf file and add a section like

[group ScriptDevel]
writable = ScriptDevel
members = swails roberts bmiller roitberg bradak kalstein dmcgee ucisik dkchaks1 ndirusso

So the modified gitosis.conf file from the first step should look like this:

[gitosis]

[group gitosis-admin]
writable = gitosis-admin
members = swails roberts

[group ScriptDevel]
writable = ScriptDevel
members = swails roberts bmiller roitberg bradak kalstein dmcgee ucisik dkchaks1 ndirusso

(and again, the keydir/ directory should have a swails.pub, roberts.pub, bmiller.pub, etc. for all users defined here).

Giving somebody access

If you wish to give somebody access to a git repository, you first need an ssh key from them (the public key). Take their public key and put it in a file called username.pub in the keydir/ directory, where username is the name you will use to identify them in the gitosis.conf file; they will never see this user name.

Then, modify the gitosis.conf file and add them to the members line of any repository you want to add them to. Make sure you do not add a new-line, as all users are expected to be on the same members line.

Giving read-only access

Suppose you want to give a group of people read-only access to a repository (so they can pull and fetch, but they cannot push). In that case, you have to define a new group that has the attribute readonly instead of writable. For instance, to give n00b and n00bst3r read-only access to the ScriptDevel repository, we need to add a new group for that, like the following:

[group ScriptDevel_readonly]
readonly = ScriptDevel
members = n00b n00bst3r

So the full file, since the last example, will look like the following:

[gitosis]

[group gitosis-admin]
writable = gitosis-admin
members = swails roberts

[group ScriptDevel]
writable = ScriptDevel
members = swails roberts bmiller roitberg bradak kalstein dmcgee ucisik dkchaks1 ndirusso

[group ScriptDevel_readonly]
readonly = ScriptDevel
members = n00b n00bst3r
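
The following check is an added example, not part of the original tutorial or of gitosis itself: it cross-checks gitosis.conf against keydir/ before you push a configuration change. The function name audit is hypothetical, and the sample data is constructed from the page's example (n00b placed in the writable group, a missing bmiller key and a leftover olduser.pub are assumptions for the demonstration).

```python
import configparser

# Constructed sample: based on the page's final gitosis.conf, shortened, with
# n00b also added to the writable group (an assumption for the demonstration).
SAMPLE_CONF = """\
[gitosis]

[group gitosis-admin]
writable = gitosis-admin
members = swails roberts

[group ScriptDevel]
writable = ScriptDevel
members = swails roberts bmiller n00b

[group ScriptDevel_readonly]
readonly = ScriptDevel
members = n00b n00bst3r
"""
# Constructed keydir/ listing: bmiller's key is missing, olduser's is left over.
SAMPLE_KEYS = ["swails.pub", "roberts.pub", "n00b.pub", "n00bst3r.pub", "olduser.pub"]

def audit(conf_text, key_files):
    """Cross-check the groups in gitosis.conf against the files in keydir/."""
    conf = configparser.RawConfigParser()
    # Python's parser raises ParsingError if a members line wraps, unindented,
    # onto a second line, which is the mistake the page warns about.
    conf.read_string(conf_text)
    keys = {f[:-len(".pub")] for f in key_files if f.endswith(".pub")}
    members_seen, grants = set(), {}
    for section in conf.sections():
        if not section.startswith("group "):
            continue
        members = conf.get(section, "members", fallback="").split()
        members_seen.update(members)
        for mode in ("writable", "readonly"):
            for repo in conf.get(section, mode, fallback="").split():
                for user in members:
                    grants.setdefault((user, repo), set()).add(mode)
    return {
        "missing_keys": sorted(members_seen - keys),   # member without a .pub file
        "unused_keys": sorted(keys - members_seen),    # .pub file in no group
        "admins": sorted(u for (u, r), m in grants.items()
                         if r == "gitosis-admin" and "writable" in m),
        "both_modes": sorted(k for k, m in grants.items() if len(m) == 2),
    }

if __name__ == "__main__":
    for check, result in audit(SAMPLE_CONF, SAMPLE_KEYS).items():
        print(f"{check}: {result}")
```

The admins list is worth reviewing on every change, since anyone who can write to gitosis-admin can grant access to every other repository.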