| commit | 9d7d54e28060c2f3e61d4c68663761cbbf4d1e57 | |
| author | Kyle J. McKay <mackyle@gmail.com> | |
| Mon, 24 Oct 2016 14:28:54 +0000 (24 07:28 -0700) | ||
| committer | Kyle J. McKay <mackyle@gmail.com> | |
| Mon, 24 Oct 2016 14:28:54 +0000 (24 07:28 -0700) | ||
| tree | 17f1aa4673d46e036ed91365d1003bffca887115 | treesnapshot (tar.gz zip) |
| parent | 38fd53a1ad4aae0cff9f2bc9cc25b6032506bccd | commitdiff |
ssh: enable fetches using "git" user
If the "mob" user is enabled it's already possible to fetch over
ssh with no password or registered user by simply using the "mob"
user since it's a passwordless user.
If "mob" is disbled, however, that will not work.
The user name "git" is already reserved and cannot be added to the
list of push users for a project.
Allow the "git" user to always work for fetches (upload-pack and
upload-archive) even when "mob" is disabled. Set up the "git"
user to only have read-only access by giving it the same group as
the user "nobody".
Pre-existing $chroot/etc/passwd files must be edited by hand to add
the git user in order to enable this functionality.
With this change it's now possible to fetch using either something
like "ssh://git@example.com/proj.git" or "git@example.com:proj.git"
which looks a lot nicer than "mob@example.com:proj.git".
It's also more secure since it's a read-only user and is available
even when the "mob" user has been disabled.
Actually displaying the new fetch-over-ssh option to users on the
gitweb project pages is left as an excercise for a future update.
Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
If the "mob" user is enabled it's already possible to fetch over
ssh with no password or registered user by simply using the "mob"
user since it's a passwordless user.
If "mob" is disbled, however, that will not work.
The user name "git" is already reserved and cannot be added to the
list of push users for a project.
Allow the "git" user to always work for fetches (upload-pack and
upload-archive) even when "mob" is disabled. Set up the "git"
user to only have read-only access by giving it the same group as
the user "nobody".
Pre-existing $chroot/etc/passwd files must be edited by hand to add
the git user in order to enable this functionality.
With this change it's now possible to fetch using either something
like "ssh://git@example.com/proj.git" or "git@example.com:proj.git"
which looks a lot nicer than "mob@example.com:proj.git".
It's also more secure since it's a read-only user and is available
even when the "mob" user has been disabled.
Actually displaying the new fetch-over-ssh option to users on the
gitweb project pages is left as an excercise for a future update.
Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
| bin/git-shell-verify | diffblobblamehistory | |
| jailsetup.sh | diffblobblamehistory |