First, I am new to Git and gitolite, but I have read enough to clear up my basic concepts. I was following Sitaram's tutorial https://github.com/sitaramc/gitolite and wanted to ask a few questions for clarification.

  1. I have a user git. Is it really necessary for a git user to have no password (user created with the --disabled-password option, which I can't get working on RHEL, though it worked on Ubuntu)? I understand that the git user must be accessible with ssh.

  2. Let's say I have a Git server and three clients: gitadmin, clientA and clientB. Now, to make gitolite work, on gitadmin I copy clientA.pub and clientB.pub (the public keys) to keydir, then I edit my conf/gitolite.conf as follows:

     repo phpsite
           RW+         =   clientA
    
     repo javasite
           RW+         = clientB
    

Now my question is: when I commit these files and push them to the server, what happens then? How are these repos created? Do I have to create them manually, or will gitolite create them?

Now when clientA needs to clone/checkout the repo what url will it use?

git@server.com:phpsite or will it be clientA@server:phpsite?

I know this question may be a little stupid, but I really need to clear these doubts.

Any help or hint is much appreciated.


EDIT

After VonC's answer I implemented gitolite and ran into another doubt. Let's say I have a machine clientA which has two users, alice and bob. Ideally the public keys should be alice.pub and bob.pub for these users. Now the question is: can I generate and name a public key for alice like alice-clientA.pub? From my understanding a different file name should not be an issue for authentication. But what about conf/gitolite.conf? Should the user name under the repo be like

    repo phpsite
        RW+     =   alice-clientA

OR

should it be the same as before

    repo phpsite
        RW+     =   alice

Thanks!

SAM

1 Answer

> Is it really necessary for a git user to have no password (user created with --disabled-password option)

No. 'git' is a regular account.

> when I commit these files and push them on server. What happens then

Gitolite will create the bare repos phpsite.git and javasite.git in ~git/repositories/, and it will modify ~git/.ssh/authorized_keys in order to call the gitolite script using the clientA and clientB public keys and parameter.
It takes advantage of the ssh forced command mechanism.

See more at "How do programs like gitolite work?".

You always use an ssh connection as user git:

git@server.com:phpsite

You never try an ssh as clientA: ssh will authenticate you as clientA because of your clientA public/private ssh keys.

VonC
  • That was real quick!! :) Thanks! I treasure your mentorship. I thought of `git@server.com:phpsite` too, just wanted to confirm. You saved the day – SAM Mar 23 '13 at 17:49
  • Hi! I just got another doubt. I have updated the question. Would you please look into that? – SAM Mar 24 '13 at 07:12
  • @SAM you don't need to generate a public key for each repo you want to access, alice.pub is enough. You would generate *another* public/private keys for alice only if alice were to access those same repos from *another* machine. – VonC Mar 24 '13 at 10:19
  • Yeah, that's correct! But if you have two users on the same machine, ideally the gitolite username in `conf` will be the same as the public key file name. Are you trying to say that for the same machine I don't have to worry about creating as many public keys as there are users? – SAM Mar 24 '13 at 10:50
  • @SAM you have to make each user create, on that same machine, a pair of public/private keys for each user and get from those users the public key renamed appropriately. Each pair of keys resides in `/home/auser/.ssh/id_rsa(.pub)` and is used by each user for their ssh connection. But those `id_rsa(.pub)` keys, adequately renamed after the user logins, are also copied in `gitolite-admin/keys` directory, and pushed back to the `gitolite-admin` repo. – VonC Mar 24 '13 at 10:53
  • Alright. So my public key name for alice on ClientA is `alice-clientA.pub`, similarly for bob `bob-clientA.pub`. If I commit these files with the same name, then in `gitolite.conf` I have to use the same username as the filename? – SAM Mar 24 '13 at 10:59
  • Thanks. Thank you so much, especially for being so patient with me. – SAM Mar 24 '13 at 11:10
  • @SAM no problem. Sorry for the delay, I just woke up. – VonC Mar 24 '13 at 11:12
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/26800/discussion-between-sam-and-vonc) – SAM Mar 24 '13 at 11:12
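
The forced-command setup described in the answer can be verified on the server: every key line in `~git/.ssh/authorized_keys` should carry a `command=` that runs gitolite with exactly one user name, plus the usual ssh restrictions. The audit below is an added example, not part of the original post and not gitolite's own code; the `gitolite-shell` path and the option list are assumed gitolite v3 defaults, and the sample keys are constructed.

```python
import re

# Restrictions expected beside the forced command (assumed: gitolite v3 defaults).
REQUIRED = {"no-port-forwarding", "no-X11-forwarding", "no-agent-forwarding", "no-pty"}

def split_options(line):
    """Return the option list of an authorized_keys line, honouring quoted values."""
    if line.startswith(("ssh-", "ecdsa-", "sk-")):   # key type first: no options
        return []
    opts, cur, quoted = [], "", False
    for i, c in enumerate(line):
        if c == '"' and (i == 0 or line[i - 1] != "\\"):
            quoted = not quoted
        if not quoted and c in ", \t":
            opts.append(cur)
            cur = ""
            if c != ",":          # first unquoted blank ends the options field
                break
        else:
            cur += c
    return opts

def audit(text, shell="gitolite-shell"):
    """Return ({gitolite user: key count}, [(line number, finding)])."""
    users, findings = {}, []
    pattern = re.compile(r'command="(?:\S*/)?' + re.escape(shell) + r' (\S+)"')
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        opts = split_options(line)
        cmd = next((o for o in opts if o.startswith('command="')), None)
        m = pattern.fullmatch(cmd) if cmd else None
        if not m:
            findings.append((n, "forced command is not gitolite" if cmd else "no forced command"))
            continue
        missing = REQUIRED - set(opts)
        if missing:
            findings.append((n, "missing " + ",".join(sorted(missing))))
        users[m.group(1)] = users.get(m.group(1), 0) + 1
    return users, findings

# Constructed sample: paths, user names and key material are placeholders.
SAMPLE = """\
command="/home/git/gitolite/src/gitolite-shell alice-clientA",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaCONSTRUCTED1 alice@clientA
command="/home/git/gitolite/src/gitolite-shell bob-clientA",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaCONSTRUCTED2 bob@clientA
ssh-rsa AAAAB3NzaCONSTRUCTED3 admin@laptop
command="/home/git/gitolite/src/gitolite-shell clientB",no-pty ssh-ed25519 AAAAC3NzaCONSTRUCTED4 clientB
"""
print(audit(SAMPLE))
```

A line reported as "no forced command" is a key that logs in as the `git` account without passing through gitolite's access checks, so it should be removed or explicitly justified.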