git-shell(1)
============

NAME
----
git-shell - Restricted login shell for Git-only SSH access


SYNOPSIS
--------
[verse]
'chsh' -s $(command -v git-shell) <user>
'git clone' <user>`@localhost:/path/to/repo.git`
'ssh' <user>`@localhost`

DESCRIPTION
-----------

This is a login shell for SSH accounts to provide restricted Git access.
It permits execution only of server-side Git commands implementing the
pull/push functionality, plus custom commands present in a subdirectory
named `git-shell-commands` in the user's home directory.

COMMANDS
--------

'git shell' accepts the following commands after the `-c` option:

'git receive-pack <argument>'::
'git upload-pack <argument>'::
'git upload-archive <argument>'::
	Call the corresponding server-side command to support
	the client's 'git push', 'git fetch', or 'git archive --remote'
	request.
'cvs server'::
	Imitate a CVS server. See linkgit:git-cvsserver[1].

If a `~/git-shell-commands` directory is present, 'git shell' will
also handle other, custom commands by running
"`git-shell-commands/<command> <arguments>`" from the user's home
directory.

INTERACTIVE USE
---------------

By default, the commands above can be executed only with the `-c`
option; the shell is not interactive.

If a `~/git-shell-commands` directory is present, 'git shell'
can also be run interactively (with no arguments). If a `help`
command is present in the `git-shell-commands` directory, it is
run to provide the user with an overview of allowed actions. Then a
"git> " prompt is presented at which one can enter any of the
commands from the `git-shell-commands` directory, or `exit` to close
the connection.

Generally this mode is used as an administrative interface to allow
users to list repositories they have access to, create, delete, or
rename repositories, or change repository descriptions and
permissions.

If a `no-interactive-login` command exists, then it is run and the
interactive shell is aborted.

EXAMPLES
--------

To disable interactive logins, displaying a greeting instead:

----------------
$ chsh -s /usr/bin/git-shell
$ mkdir $HOME/git-shell-commands
$ cat >$HOME/git-shell-commands/no-interactive-login <<\EOF
#!/bin/sh
printf '%s\n' "Hi $USER! You've successfully authenticated, but I do not"
printf '%s\n' "provide interactive shell access."
exit 128
EOF
$ chmod +x $HOME/git-shell-commands/no-interactive-login
----------------

To enable git-cvsserver access (which should generally have the
`no-interactive-login` example above as a prerequisite, as creating
the git-shell-commands directory allows interactive logins):

----------------
$ cat >$HOME/git-shell-commands/cvs <<\EOF
#!/bin/sh
# Accept exactly one argument, and only "server".
if test $# != 1 || test "$1" != "server"
then
	echo >&2 "git-cvsserver only handles \"server\""
	exit 1
fi
exec git cvsserver server
EOF
$ chmod +x $HOME/git-shell-commands/cvs
----------------

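The following shell functions are an added example, not part of the Git documentation: they classify a home directory into the three login modes described above and list the custom commands it exposes, so an administrator can spot an account where creating `git-shell-commands` enabled interactive logins. The function names, the mode labels and the group/other-writable check are assumptions introduced here.

```sh
#!/bin/sh
# Added example: classify a git-shell account by its home directory layout.

# Print the login mode the man page describes for home directory $1.
git_shell_mode() {
    dir=$1/git-shell-commands
    if [ ! -d "$dir" ]; then
        echo "c-only"          # no directory: commands run only via -c
    elif [ -f "$dir/no-interactive-login" ] && [ -x "$dir/no-interactive-login" ]; then
        echo "login-disabled"  # it is run and the interactive shell is aborted
    else
        echo "interactive"     # the directory alone enables the "git> " prompt
    fi
}

# List executable custom commands; mark any that group or others can modify
# (assumption added here: such a file lets another account change what runs).
list_custom_commands() {
    dir=$1/git-shell-commands
    [ -d "$dir" ] || return 0
    for cmd in "$dir"/*; do
        [ -f "$cmd" ] && [ -x "$cmd" ] || continue
        if [ -n "$(find -L "$cmd" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "${cmd##*/} writable-by-others"
        else
            echo "${cmd##*/}"
        fi
    done
}

# Return 1 when interactive login is enabled or a command is writable by others.
audit_git_shell_home() {
    mode=$(git_shell_mode "$1")
    cmds=$(list_custom_commands "$1")
    echo "mode: $mode"
    [ -z "$cmds" ] || echo "$cmds" | sed 's/^/command: /'
    [ "$mode" != "interactive" ] || return 1
    case $cmds in *writable-by-others*) return 1 ;; esac
    return 0
}

# Constructed demo: a throwaway home with only the git-shell-commands directory.
demo=$(mktemp -d)
mkdir "$demo/git-shell-commands"
audit_git_shell_home "$demo" || echo "finding: review this account"
rm -rf "$demo"
```
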
SEE ALSO
--------
ssh(1),
linkgit:git-daemon[1],
contrib/git-shell-commands/README

GIT
---
Part of the linkgit:git[1] suite