From 6eb4f9bb90d750086bb91d8bc17d22dabc33746c Mon Sep 17 00:00:00 2001 From: Petr Baudis Date: Sun, 8 Oct 2006 01:46:10 +0200 Subject: [PATCH] Update hosting setup based on final chroot arrangement --- README | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/README b/README index 2e895fc..67fab6a 100644 --- a/README +++ b/README @@ -21,6 +21,7 @@ This is how the push access is provided: The whole setup is confined in a chroot with its own instance of sshd running. The chroot looks like: + /bin/sh /bin/git-shell /bin/git-upload-pack /bin/git-receive-pack @@ -28,19 +29,21 @@ The chroot looks like: /bin/git-pack-objects /bin/git-unpack-objects /bin/git-update-server-info + /bin/git-repack /sbin/sshd - /lib/libc.so.6 - /lib/ld-linux.so.2 + /dev/randomstuff + /lib/randomstuff + /var/empty /srv/git/... /etc/group /etc/passwd /etc/sshkeys/* - /var/empty + /etc/ssh/randomstuff There is a (non-chroot) system user 'repo' and a group of the same name (the webserver is member of the group; TODO: suexec). The files in /etc are owned by repo.repo and group-writable, as well as all files in /srv/git/*/ but -refs/** and objects/** which are repo.projname. +refs/**, info/**, and objects/** which are repo.project. When you register a project, it will get a gid allocation and you will set a @@ -53,7 +56,7 @@ When you register a user, it will get a uid allocation and you will upload an ssh public key for it. The user is stored in a passwd(5) file (but containing just the repo.or.cz users; 65534 is nogroup): - username::uid:65534:realname:/dev/null:/bin/git-shell + username::uid:65534:email:/:/bin/git-shell The authorized keys are stored in /etc/sshkeys/username. -- 2.11.4.GIT
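Review bot: In the first hunk (@@ -21,6 +21,7 @@), `/bin/sh` is added to the chroot listing next to `/bin/git-shell` with no word on why a general-purpose shell is needed there. Since the chroot exists to confine push access to the git commands, the README should say which listed binary requires `/bin/sh` (the second hunk adds `/bin/git-repack` at the same time, if that is the reason). It should also state that no passwd entry may use `/bin/sh` as its login shell, in line with the documented entry format ending in `/bin/git-shell`.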
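Review bot: In the second hunk (@@ -28,19 +29,21 @@), the explicit `/lib/libc.so.6` and `/lib/ld-linux.so.2` entries are replaced by `/lib/randomstuff`, and `/dev/randomstuff` and `/etc/ssh/randomstuff` are added, so the listing no longer tells a reader what is actually inside the chroot. Please enumerate the device nodes, libraries and sshd files (or say how the set is derived), because the contents of /dev and /etc/ssh are what someone auditing or rebuilding the confinement needs to check. In the same hunk the ownership sentence now reads `refs/**, info/**, and objects/** which are repo.project`; it would help to say explicitly whether those paths are group-writable for the project group, since the sentence only states that by exception.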
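Review bot: In the last hunk (@@ -53,7 +56,7 @@), the passwd entry's home directory changes from `/dev/null` to `/`, and the README neither explains why nor states what permissions the chroot root must have. Suggest adding a sentence that `/` is not writable by the hosted uids or by nogroup (65534). Since the entry keeps an empty password field (`username::uid`), also add a note that logins are accepted only with the keys in /etc/sshkeys/username. The fifth field also changes from realname to email, which is worth mentioning where the README describes what registration stores, given that the files in /etc are group-writable by repo and the webserver is a member of that group.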