單純使用 SSH 架設可見此篇: Linux 架設使用 SSH 共享存取的 Git Server
想要控管 User / Project 權限的話(限制某些 User 只能存取某些 Project), 則需要靠 Gitosis 或 Gitolite 等套件來協助.
- gitosis - git repository hosting application
- gitolite - SSH-based gatekeeper for git repositories
此篇主要寫的是 Gitosis 架設, 若之前已經有依照上述文章架設共享存取的 Git Server, 而 Gitosis 也想用 git 的帳號來管理, 則需做下述動作先改回原始設定.
註: 此文會用 gitosis 的帳號來管理, 不會用 git 帳號, 所以不需要做下述更改的動作
- vim /etc/passwd
git:x:1000:1000::/home/git:/usr/bin/git-shell
改回
git:x:1000:1000::/home/git:/bin/sh - mv /home/git/.ssh/authorized_keys /home/git/.ssh/authorized_keys.bak
相關資料準備
- 系統: Debian / Ubuntu Linux
- Server Domain name: example.com
- Project name: project_name
- Gitosis (Git) Repository 位置: /srv/gitosis/repositories # Debian / Ubuntu Linux 套件預設位置
- Group name: myteam
系統套件安裝
- apt-get install gitosis git-core
- 說明文件: /usr/share/doc/gitosis/README.Debian # 依照說明文件, 重點就下述兩個步驟即可完成.
- sudo -H -u gitosis gitosis-init < SSH_KEY.pub
- git clone gitosis@localhost:gitosis-admin.git
產生 SSH 公鑰
- ssh-keygen -t rsa # 產生 id_rsa, id_rsa.pub
- mv id_rsa ~/.ssh/ # 將 id_rsa 放在 ~/.ssh/ 內.
- scp id_rsa.pub example.com:/tmp/id_rsa_user1.pub # 將 id_rsa.pub 丟到 Server 上, 大家的 public key 都需要傳到 Server 上.
- scp id_rsa.pub example.com:/tmp/id_rsa_admin.pub # 管理者的 key 同 user key, 在此設為 id_rsa_admin.pub, 避免下述內容造成混淆.
Gitosis Server 架設
- ssh example.com # Git Server
- sudo -H -u gitosis gitosis-init < /tmp/id_rsa_admin.pub # 會出現下述訊息, 即代表完成
Initialized empty Git repository in /srv/gitosis/repositories/gitosis-admin.git/
Reinitialized existing Git repository in /srv/gitosis/repositories/gitosis-admin.git/ - ls -lh /srv/gitosis/repositories/gitosis-admin.git/hooks/post-update # 確認是否有執行的權限 755 or 777, 沒有請自行 chmod 設定
Gitosis Server 設定專案、新增帳號
- Gitosis 的專案權限 / 帳號管理 是使用 Git 來管理, 專案名稱: gitosis-admin.git
- git clone gitosis@localhost:gitosis-admin.git # 因為 Gitosis 是用 gitosis-admin.git 來管理, 所以需要抓下來修改、設定(未來所有管理也是如此)
- cd gitosis-admin # 會看到下述
- gitosis.conf # 設定檔, 設定誰可以讀寫哪個專案的 Repository
- keydir # 目錄, 放每個帳號的 public key. 放置的檔案命名: user1.pub, user2.pub (user1, user2.. 為帳號名稱, 請自行修改)
新增帳號
- cp /tmp/id_rsa_user1.pub keydir/user1.pub # 請依照實際帳號命名, 不要取 user1, user2
- cp /tmp/id_rsa_user2.pub keydir/user2.pub
- git add keydir/user1.pub keydir/user2.pub
- git commit -m 'add user1, user2 public key'
- git push
- 注意: gitosis 認定的帳號, 是 id_rsa.pub 最後面 "xxx@example.com", 以 @ 前面的 "xxx" 為帳號(此帳號也是 gitosis 設定的帳號), 若帳號不同, git push 就會出現如下述的錯誤
ERROR:gitosis.serve.main:Repository read access denied
fatal: The remote end hung up unexpectedly
設定專案權限
- vim gitosis.conf # 會看到下述, 不要動他, 於最下方設定自己的 Group / 專案名稱即可.
[group gitosis-admin]
writable = gitosis-admin
members = admin@example.com - 增加下述, myteam 是 group name, 此 group 有 user1, user2 的使用者, 可以寫入 project_name.git 的專案
[group myteam]
writable = project_name
member = user1 user2 - git commit -m 'add user1, user2 write access to project_name' -a
- git push
建立專案
- cd ~/
- mkdir project_name
- cd project_name
- git init
- git remote add origin gitosis@example.com:project_name.git # gitosis 會自行於 /srv/gitosis/repositories 新增
- touch readme
- git add .
- git commit -m 'initial'
- git push origin master:refs/heads/master # 或 git push origin master
gitosis.conf 更多設定條件
下述摘錄自: Gitosis - ArchWiki
[gitosis]
gitweb = yes[repo foobar]
description = git repository for foobar
owner = user[group devs]
members = user1 user2[group admins]
members = user1[group gitosis-admin]
writable = gitosis-admin
members = @admins[group foobar]
writable = foobar
members = @devs[group myteam]
writable = free_monkey
members = jdoe
下述摘錄自: Pro Git 服務器上的 Git 權限管理器 Gitosis
[group mobile]
writable = iphone_project
members = scott josie jessica[group mobile_ro]
readonly = iphone_project
members = john
開放 Gitosis 公開存取
- sudo -u gitosis git-daemon --base-path=/srv/gitosis/repositories/ --export-all
常用命令
下述全部都在 gitosis-admin.git 內操作
新增帳號
- cp /tmp/id_rsa_user1.pub keydir/user1.pub
- vim gitosis.conf # 增加 members
設定專案
- vim gitosis.conf # 增加 group、writeable 的項目
新增專案
- mkdir project_name; cd project_name
- git init
- git remote add origin gitosis@example.com:project_name.git
- git commit
- git push origin master