diff options
| author | Craig Jennings <c@cjennings.net> | 2024-04-07 13:41:34 -0500 |
|---|---|---|
| committer | Craig Jennings <c@cjennings.net> | 2024-04-07 13:41:34 -0500 |
| commit | 754bbf7a25a8dda49b5d08ef0d0443bbf5af0e36 (patch) | |
| tree | f1190704f78f04a2b0b4c977d20fe96a828377f1 /devdocs/git/git-shell.html | |
new repository
Diffstat (limited to 'devdocs/git/git-shell.html')
| -rw-r--r-- | devdocs/git/git-shell.html | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/devdocs/git/git-shell.html b/devdocs/git/git-shell.html new file mode 100644 index 00000000..75ca370a --- /dev/null +++ b/devdocs/git/git-shell.html @@ -0,0 +1,24 @@ +<h1>git-shell</h1> <h2 id="_name">Name</h2> <div class="sectionbody"> <p>git-shell - Restricted login shell for Git-only SSH access</p> </div> <h2 id="_synopsis">Synopsis</h2> <div class="sectionbody"> <div class="verseblock"> <pre class="content">chsh -s $(command -v git-shell) <user> +git clone <user>@localhost:/path/to/repo.git +ssh <user>@localhost</pre> </div> </div> <h2 id="_description">Description</h2> <div class="sectionbody"> <p>This is a login shell for SSH accounts to provide restricted Git access. It permits execution only of server-side Git commands implementing the pull/push functionality, plus custom commands present in a subdirectory named <code>git-shell-commands</code> in the user’s home directory.</p> </div> <h2 id="_commands">Commands</h2> <div class="sectionbody"> <p><code>git shell</code> accepts the following commands after the <code>-c</code> option:</p> <div class="dlist"> <dl> <dt class="hdlist1" id="Documentation/git-shell.txt-emgitreceive-packltargumentgtem"> <em>git receive-pack <argument></em> </dt> <dt class="hdlist1" id="Documentation/git-shell.txt-emgitupload-packltargumentgtem"> <em>git upload-pack <argument></em> </dt> <dt class="hdlist1" id="Documentation/git-shell.txt-emgitupload-archiveltargumentgtem"> <em>git upload-archive <argument></em> </dt> <dd> <p>Call the corresponding server-side command to support the client’s <code>git push</code>, <code>git fetch</code>, or <code>git archive --remote</code> request.</p> </dd> <dt class="hdlist1" id="Documentation/git-shell.txt-emcvsserverem"> <em>cvs server</em> </dt> <dd> <p>Imitate a CVS server. See <a href="git-cvsserver">git-cvsserver[1]</a>.</p> </dd> </dl> </div> <p>If a <code>~/git-shell-commands</code> directory is present, <code>git shell</code> will also handle other, custom commands by running "<code>git-shell-commands/<command> <arguments></code>" from the user’s home directory.</p> </div> <h2 id="_interactive_use">Interactive use</h2> <div class="sectionbody"> <p>By default, the commands above can be executed only with the <code>-c</code> option; the shell is not interactive.</p> <p>If a <code>~/git-shell-commands</code> directory is present, <code>git shell</code> can also be run interactively (with no arguments). If a <code>help</code> command is present in the <code>git-shell-commands</code> directory, it is run to provide the user with an overview of allowed actions. Then a "git> " prompt is presented at which one can enter any of the commands from the <code>git-shell-commands</code> directory, or <code>exit</code> to close the connection.</p> <p>Generally this mode is used as an administrative interface to allow users to list repositories they have access to, create, delete, or rename repositories, or change repository descriptions and permissions.</p> <p>If a <code>no-interactive-login</code> command exists, then it is run and the interactive shell is aborted.</p> </div> <h2 id="_examples">Examples</h2> <div class="sectionbody"> <p>To disable interactive logins, displaying a greeting instead:</p> <div class="listingblock"> <div class="content"> <pre data-language="shell-session">$ chsh -s /usr/bin/git-shell +$ mkdir $HOME/git-shell-commands +$ cat >$HOME/git-shell-commands/no-interactive-login <<\EOF +#!/bin/sh +printf '%s\n' "Hi $USER! You've successfully authenticated, but I do not" +printf '%s\n' "provide interactive shell access." +exit 128 +EOF +$ chmod +x $HOME/git-shell-commands/no-interactive-login</pre> </div> </div> <p>To enable git-cvsserver access (which should generally have the <code>no-interactive-login</code> example above as a prerequisite, as creating the git-shell-commands directory allows interactive logins):</p> <div class="listingblock"> <div class="content"> <pre data-language="shell-session">$ cat >$HOME/git-shell-commands/cvs <<\EOF +if ! test $# = 1 && test "$1" = "server" +then + echo >&2 "git-cvsserver only handles \"server\"" + exit 1 +fi +exec git cvsserver server +EOF +$ chmod +x $HOME/git-shell-commands/cvs</pre> </div> </div> </div> <h2 id="_see_also">See also</h2> <div class="sectionbody"> <p>ssh(1), <a href="git-daemon">git-daemon[1]</a>, contrib/git-shell-commands/README</p> </div><div class="_attribution"> + <p class="_attribution-p"> + © 2012–2024 Scott Chacon and others<br>Licensed under the MIT License.<br> + <a href="https://git-scm.com/docs/git-shell" class="_attribution-link">https://git-scm.com/docs/git-shell</a> + </p> +</div> |