I set up git and gitolite with some help from members on this forum and using these instructions:

https://github.com/sitaramc/gitolite

In the instructions one of the requirements is:

a dedicated userid to host the repos (in this document, we assume it is 'git'), with shell access ONLY by 'su - git' from some other userid on the same server.

Are these the correct permissions shown below?

sudo chown git /home/git
sudo chmod -R 755 /home/git

...or are there more appropriate settings to provide necessary security and functionality?

VonC
RGI

2 Answers

Yes and no:

For /home/git, 700 would work too if you want something "more secure".

But you don't have to protect everything the same way within the git homedir, especially the .ssh directory.

The main point is to avoid '+gw' and '+ow' on /home/git itself: if 'group' or 'others' are writable, ssh won't work (the ssh daemon will refuse to consider /home/git/.ssh content).

See "Creating SSH keys for Gerrit and Hudson" as an example of appropriate ssh protections.

Community
VonC
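The check described in the answer above, as an added example that is not part of the original answer: a POSIX shell function that flags group- or world-writable bits on the git user's home directory, its .ssh directory and authorized_keys, the paths sshd inspects when StrictModes is enabled. The function names `is_loose` and `audit_git_home` are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original answers): report paths that are
# writable by group or others, which makes sshd ignore the user's keys.

# True when the path itself is group- or world-writable.
# -prune keeps find from descending, so only the named path is tested.
is_loose() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# audit_git_home HOME_DIR
# Prints one status line per path; returns 0 only when the home directory,
# .ssh and authorized_keys all exist and none is group/other writable.
audit_git_home() {
    home=$1
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"
            rc=1
        elif is_loose "$p"; then
            echo "UNSAFE  $p (group/other writable; fix: chmod go-w)"
            rc=1
        else
            echo "OK      $p"
        fi
    done
    return $rc
}

# Run against a directory given on the command line, e.g. /home/git.
if [ "$#" -gt 0 ]; then
    audit_git_home "$1"
fi
```

Both 755 and 700 on the home directory pass this check; 775 or 777 do not.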
I created the Gitolite hosting user as below on Fedora. Other distributions have similar options in the adduser command.

useradd \
--comment 'git hosting user' \
--user-group \
--system \
--shell /bin/bash \
--create-home \
--home-dir /home/git git

On Fedora, this command creates a system account git with local password locked. The default option for the useradd command when --password option isn’t supplied is to disable the password.

As I understand, this would give the hosting user an interactive non-login shell like so:

sudo su - git

NB: This question was put out a while ago, but I had the same question when I went about installing Gitolite (and didn't find an answer). I figured it out (or so, I think). So here it is.

JetStream