Build Gitolite on Linux servers to implement permissions control on Git server's repository

Source: Internet
Author: User
Tags file permissions git clone

First, the environment introduction:

1.1Git Account Management Machine Manage
ip:10.0.0.56

[[email protected] ~]# cat /etc/redhat-release CentOS release 6.7 (Final)[[email protected] ~]# hostnamemanage[[email protected] ~]# tail -2 /etc/hosts10.0.0.56 manage10.0.0.11 git-server

1.2.git Remote Repository Git-server
Git remote repository ip:10.0.0.11

[[email protected] ~]# cat /etc/redhat-release CentOS release 6.7 (Final)[[email protected] ~]# hostnamegit-server[[email protected] ~]# tail -2 /etc/hosts10.0.0.11 git-server10.0.0.56 server
Second, installation deployment 2.1 on the GIT Account Management machine (10.0.0.56) operation:

2.1.1 Installing git
[email protected] ~]# Yum install Git–y

2.1.2 Creating public and private keys
The GIT account administrator needs to create an SSH public/private key pair on its own machine (10.0.0.56).

Ssh-keygen-f ~/.ssh/git-admin

[email protected] ~]# LL. ssh/
Git-admin git-admin.pub known_hosts
2.1.3 Configuring config file
To facilitate management and avoid confusion with other public key keys, first configure the next SSH client file ~/.ssh/config,
You can use a specific public key when connecting to a host by creating a host alias. For example, the following configuration in the ~/.ssh/config file

[[email protected] ~]# cat .ssh/config host git-server  user git  hostname 10.0.0.11  port 22  identityfile ~/.ssh/git-admin

Copy the public key on the 10.0.0.56 administrator machine to the Git-server (10.0.0.11) server,

[[email protected] ~]# scp .ssh/git-admin.pub git-server:/tmp/

Tips:
Note that the sshd port of the 1.git-server machine must be Port 22, otherwise the failed key will be committed when the Git commit code is configured
Note 2. Git account Management machine Manage (10.0.0.56) on the/root/.ssh/config file permissions must be 600, or in the subsequent addition of public key, will be error, prompt permission does not allow

[[email protected] ~]# ll /root/.ssh/config-rw-rw-r-- 1 root root 99 Mar 29 11:28 /root/.ssh/config[[email protected] ~]# chmod 600 /root/.ssh/config[[email protected] ~]# ll /root/.ssh/config -rw------- 1 root root 99 Mar 29 11:28 /root/.ssh/config
2.2 Operating on the Git-server Remote repository machine:

Install Gitolite software on the git-server git Remote repository (ip:10.0.0.11) machine to manage Git repository accounts
Install git in git-server git remote repository
Reference Documentation:
Http://blog.sina.com.cn/s/blog_4b5039210102e3r3.html

Description
Gitolite is actually a git repository, first installed on the Git-server machine, on the client side manage machine on the server repository clone down, make some local changes, Push back to the server,server end of the hooks will update the permissions based on the configuration of the push.
To operate on Git-server:

2.2.1 Creating a git user on the Git-server machine

useradd gitpasswd  git 123456

2.2.2 Install git and download gitolite on Git-server

Download the Gitolite package under Git's user directory:

[[email protected] ~]# yum install git -y [[email protected] ~]# su - git[[email protected] ~]$ git clone https://github.com/sitaramc/gitoliteInitialized empty Git repository in /home/git/gitolite/.git/ remote: Counting objects: 9385, done.remote: Total 9385 (delta 0), reused 0 (delta 0), pack-reused 9385Receiving objects: 100% (9385/9385), 2.96 MiB | 95 KiB/s, done.Resolving deltas: 100% (5805/5805), done.

2.2.3 Installation Gitolite

[[email protected] ~]$ mkdir bin[[email protected] ~]$ gitolite/install -to $HOME/bin[[email protected] ~]$ lsbin  gitolite[[email protected] ~]$ cd bin[[email protected] bin]$ lscommands  gitolite  gitolite-shell  lib  syntactic-sugar  triggers  VERSION  VREF

Generates a gitolite executable file under the bin

The Git-admin.pub public key must first be copied to the git-server10.0.0.11 machine on the 10.0.0.56 machine.

[[email protected] ~]# scp .ssh/git-admin.pub git-server:/tmp/git-admin.pub[[email protected] bin]$ gitolite setup -pk /tmp/git-admin.pub[[email protected] ~]$ cd bin/[[email protected] bin]$ lsgitolite[[email protected] bin]$ gitolite setup -pk /tmp/git-admin.pubInitialized empty Git repository in /home/git/repositories/gitolite-admin.git/Initialized empty Git repository in /home/git/repositories/testing.git/WARNING: /home/git/.ssh missing; creating a new one    (this is normal on a brand new install)WARNING: /home/git/.ssh/authorized_keys missing; creating a new one    (this is normal on a brand new install)[[email protected] bin]$

This command generates two Repository:gitolite-admin.git and testing.git in your ~/repositories/directory

[[email protected] ~]$ cd repositories/[[email protected] repositories]$ lsgitolite-admin.git  testing.git[[email protected] bin]$ ll /home/git/repositories/total 8drwx------ 8 git git 4096 Jul 23 15:53 gitolite-admin.gitdrwx------ 7 git git 4096 Jul 23 15:53 testing.git

The user directory generates a project.list with a testing git project in the default

[[email protected] ~]$ more projects.list testing.git

Here Gitolite installation is complete!

2.3 Again back to operate on the Manage End machine:

Clone the Gitolite-admin to manage account management machine on the Git-server version library
!!! Attention:

命令一定要是git clone git-server:gitolite-admin而不是:git clone git-server:/home/git/repositories/gitolite-admin更不是:git clone git-server:gitolite-admin.git

[[email protected] ~]# git clone git-server:gitolite-admin

Prompt error:

[[email protected] ~]#  git clone git-server:gitolite-adminInitialized empty Git repository in /root/gitolite-admin/.git/Bad owner or permissions on /root/.ssh/configfatal: The remote end hung up unexpectedly

Permissions are incorrect, the following gives 600 permissions to resolve the issue

[[email protected] ~]# ll /root/.ssh/config-rw-rw-r-- 1 root root 99 Mar 29 11:28 /root/.ssh/config[[email protected] ~]# chmod 600 /root/.ssh/config[[email protected] ~]#  git clone git-server:gitolite-adminInitialized empty Git repository in /root/gitolite-admin/.git/Warning: Permanently added ‘221.195.1.233‘ (RSA) to the list of known hosts.remote: Counting objects: 6, done.remote: Compressing objects: 100% (4/4), done.remote: Total 6 (delta 0), reused 0 (delta 0)Receiving objects: 100% (6/6), done.

[email protected] ~]# ll gitolite-admin/
Total 8
Drwxrwxr-x 2 root root 4096 Mar conf
Drwxrwxr-x 2 root root 4096 Mar Keydir

Clone after the end of a new directory gitolite-admin, there are two folders conf and Keydir, the first directory contains a configuration file, which is the location of the record permissions configuration, the second directory contains all users of the pub key.

[[email protected] ~]# ll gitolite-admin/*gitolite-admin/conf:total 4-rw-r--r-- 1 root root 77 Jul 22 15:10 gitolite.confgitolite-admin/keydir:total 4-rw-r--r-- 1 root root 393 Jul 22 15:10 git-admin.pub
[[email protected] ~]# cat gitolite-admin/conf/gitolite.conf repo gitolite-admin    RW+     =   adminrepo testingRW+     =   @all

First of all gitolite-admin only admin has read and write permission, no one else can read and write
Another code base testing is accessible to everyone

2.4 Place the public key file of the manage-side machine git-admin.pub to the Gitolite-admin/keydir directory and submit it to the remote repository Git-server
[[email protected] ~]# git add conf/ keydir/[[email protected] ~]# git status[[email protected] ~]# git push

To view the key file on the Git-server Machine remote repository:
[[email protected] ~]$ cat /home/git/.ssh/authorized_keys

#gitolite startcommand="/home/git/gitolite/src/gitolite-shell admin",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzXc/2BPDIZ/3PnoXhgVEyZLdF5oiE+UuumBeOxcR2FGoGUVEaSWYOZ2zWYIk5RCzKNWb3d9Ur51l7DpQunmCUlvf4lOZ7UT68jnhAF/NNN9a6upEHBls5hpFvVp+DmqOYuVuWs+FQhShPvp70QJfsx/+gg14rw9A1/jN5GdgrrStYorNEE1Ut8/T1t9tNxsIlfwgd6pQPKpWJ11sANWx9U+DfUEAN4a0bCiZ/PQ+9aR+SJ1Y+H68pt2+iy4I8UXuhtgSqYTu5YmxsJlF3uoHypF4lOTqgiP0HYr8FNZ3KWg2ome8fUOnO2VbNvgAXafhLEfBd5zxd6YChDHwfIclvQ== [email protected]#gitolite end

At this point you can clone the code on the remote repository on the Manage machine with the secret key:

[[email protected] ~]# git clone git-server:gitolite-adminInitialized empty Git repository in /tmp/gitolite-admin/.git/remote: Counting objects: 16, done.remote: Compressing objects: 100% (12/12), done.remote: Total 16 (delta 2), reused 0 (delta 0)Receiving objects: 100% (16/16), done.Resolving deltas: 100% (2/2), done.[[email protected] ~]# ll gitolite-admintotal 8drwxrwxr-x 2 root root 4096 Mar 30 21:57 confdrwxrwxr-x 2 root root 4096 Mar 30 21:57 keydir

If you comment out [[email protected] ~]$ Ll/home/git/.ssh/authorized_keys The contents of this file, you are prompted to enter the password when you clone, colleague even if you enter the password, clone remote repository code will still fail

[[email protected] tmp]# git clone git-server:gitolite-admin
Initialized Empty Git repository in/tmp/gitolite-admin/.git/
[email protected] ' s password:123456
Fatal: ' Gitolite-admin ' does not appear to be a git repository
Fatal:the remote end hung up unexpectedly

Build gitolite on Linux server to implement permissions control on Git server's repository

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.