1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
<h1>git-shell</h1> <h2 id="_name">Name</h2> <div class="sectionbody"> <p>git-shell - Restricted login shell for Git-only SSH access</p> </div> <h2 id="_synopsis">Synopsis</h2> <div class="sectionbody"> <div class="verseblock"> <pre class="content">chsh -s $(command -v git-shell) <user>
git clone <user>@localhost:/path/to/repo.git
ssh <user>@localhost</pre> </div> </div> <h2 id="_description">Description</h2> <div class="sectionbody"> <p>This is a login shell for SSH accounts to provide restricted Git access. It permits execution only of server-side Git commands implementing the pull/push functionality, plus custom commands present in a subdirectory named <code>git-shell-commands</code> in the user’s home directory.</p> </div> <h2 id="_commands">Commands</h2> <div class="sectionbody"> <p><code>git shell</code> accepts the following commands after the <code>-c</code> option:</p> <div class="dlist"> <dl> <dt class="hdlist1" id="Documentation/git-shell.txt-emgitreceive-packltargumentgtem"> <em>git receive-pack <argument></em> </dt> <dt class="hdlist1" id="Documentation/git-shell.txt-emgitupload-packltargumentgtem"> <em>git upload-pack <argument></em> </dt> <dt class="hdlist1" id="Documentation/git-shell.txt-emgitupload-archiveltargumentgtem"> <em>git upload-archive <argument></em> </dt> <dd> <p>Call the corresponding server-side command to support the client’s <code>git push</code>, <code>git fetch</code>, or <code>git archive --remote</code> request.</p> </dd> <dt class="hdlist1" id="Documentation/git-shell.txt-emcvsserverem"> <em>cvs server</em> </dt> <dd> <p>Imitate a CVS server. See <a href="git-cvsserver">git-cvsserver[1]</a>.</p> </dd> </dl> </div> <p>If a <code>~/git-shell-commands</code> directory is present, <code>git shell</code> will also handle other, custom commands by running "<code>git-shell-commands/<command> <arguments></code>" from the user’s home directory.</p> </div> <h2 id="_interactive_use">Interactive use</h2> <div class="sectionbody"> <p>By default, the commands above can be executed only with the <code>-c</code> option; the shell is not interactive.</p> <p>If a <code>~/git-shell-commands</code> directory is present, <code>git shell</code> can also be run interactively (with no arguments). If a <code>help</code> command is present in the <code>git-shell-commands</code> directory, it is run to provide the user with an overview of allowed actions. Then a "git> " prompt is presented at which one can enter any of the commands from the <code>git-shell-commands</code> directory, or <code>exit</code> to close the connection.</p> <p>Generally this mode is used as an administrative interface to allow users to list repositories they have access to, create, delete, or rename repositories, or change repository descriptions and permissions.</p> <p>If a <code>no-interactive-login</code> command exists, then it is run and the interactive shell is aborted.</p> </div> <h2 id="_examples">Examples</h2> <div class="sectionbody"> <p>To disable interactive logins, displaying a greeting instead:</p> <div class="listingblock"> <div class="content"> <pre data-language="shell-session">$ chsh -s /usr/bin/git-shell
$ mkdir $HOME/git-shell-commands
$ cat >$HOME/git-shell-commands/no-interactive-login <<\EOF
#!/bin/sh
printf '%s\n' "Hi $USER! You've successfully authenticated, but I do not"
printf '%s\n' "provide interactive shell access."
exit 128
EOF
$ chmod +x $HOME/git-shell-commands/no-interactive-login</pre> </div> </div> <p>To enable git-cvsserver access (which should generally have the <code>no-interactive-login</code> example above as a prerequisite, as creating the git-shell-commands directory allows interactive logins):</p> <div class="listingblock"> <div class="content"> <pre data-language="shell-session">$ cat >$HOME/git-shell-commands/cvs <<\EOF
if ! test $# = 1 && test "$1" = "server"
then
echo >&2 "git-cvsserver only handles \"server\""
exit 1
fi
exec git cvsserver server
EOF
$ chmod +x $HOME/git-shell-commands/cvs</pre> </div> </div> </div> <h2 id="_see_also">See also</h2> <div class="sectionbody"> <p>ssh(1), <a href="git-daemon">git-daemon[1]</a>, contrib/git-shell-commands/README</p> </div><div class="_attribution">
<p class="_attribution-p">
© 2012–2024 Scott Chacon and others<br>Licensed under the MIT License.<br>
<a href="https://git-scm.com/docs/git-shell" class="_attribution-link">https://git-scm.com/docs/git-shell</a>
</p>
</div>
|
