I have a git repository hosted on my SunOS server that I use remotely through ssh:
git clone ssh://[email protected]/path/to/git
Now I need to add more users to be able to access that repository, but I'm not sure how.
I have added one testUser to ssh, but I can't seem to limit that user's privileges to only use git.
testUser is able to ssh in and browse the entire server.
How can I create users that can only access git remotely, to clone/pull/push etc.?
Thanks
You basically have two options.
As topdog mentioned, when you create users on the server, set their shell to git-shell (book entry here). This will allow the user to log in via SSH, but instead of running a normal, fully-featured shell (e.g. sh, bash, etc.) it will run git-shell, which only provides access to git functionality.
Alternatively, you can make your repositories available via another protocol, such as TCP (using git-daemon) or HTTP/HTTPS. I'd only recommend such a scenario for read-only access though.
You mention wanting to support 'push' functionality for your users, so you should really go with option #1.
You might consider using gitolite under a single user instead of setting up multiple git-shell users (and the required group and group permissions so they can share access to the repositories).
gitolite runs under a single, normal user on the server and uses SSH public keys to differentiate access to Git repositories (see “how gitolite uses ssh” for some of the details of how gitolite does its SSH-based identification). gitolite offers per-repository, per-branch, and even some per-path access control.
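The per-key identification and per-repository control described above, reduced to a forced-command gate in POSIX sh. This is an added example, not gitolite's or git-shell's own code; the script name git-gate, the ACL contents, the GIT_BASE variable and the sample authorized_keys line are assumptions.

```shell
#!/bin/sh
# Hypothetical forced-command gate (added illustration, not gitolite/git-shell code).
# Constructed authorized_keys entry, one per user key:
#   command="/usr/local/bin/git-gate alice",no-pty,no-port-forwarding ssh-ed25519 AAAA...

# Constructed ACL, one "user repo perms" rule per line: R = clone/pull, W = push.
ACL='alice project.git RW
bob project.git R'

# parse_git_command CMD: print "verb repo" for a well-formed git request, else fail.
parse_git_command() {
    cmd=$1
    case $cmd in
        "git-upload-pack '"*"'")    verb=git-upload-pack ;;
        "git-receive-pack '"*"'")   verb=git-receive-pack ;;
        "git-upload-archive '"*"'") verb=git-upload-archive ;;
        *) return 1 ;;              # scp, arbitrary commands, anything else
    esac
    repo=${cmd#"$verb '"}
    repo=${repo%"'"}
    repo=${repo#/}                  # treat ssh://host/project.git as relative
    case $repo in                   # no metacharacters, traversal or option injection
        ''|*[!A-Za-z0-9._/-]*|/*|*..*|-*) return 1 ;;
    esac
    printf '%s %s\n' "$verb" "$repo"
}

# authorize USER CMD: print "verb repo" only if the ACL grants USER that operation.
authorize() {
    parsed=$(parse_git_command "$2") || return 1
    need=R
    [ "${parsed%% *}" = git-receive-pack ] && need=W
    perms=$(printf '%s\n' "$ACL" |
        awk -v u="$1" -v r="${parsed#* }" '$1 == u && $2 == r { print $3; exit }')
    case $perms in
        *"$need"*) printf '%s\n' "$parsed" ;;
        *) return 1 ;;
    esac
}

# Entry point under sshd; a login with no command falls through and just exits.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    ok=$(authorize "$1" "$SSH_ORIGINAL_COMMAND") || { echo "access denied" >&2; exit 1; }
    cd "${GIT_BASE:-$HOME/repositories}" || exit 1   # GIT_BASE: assumed repo root
    exec git-shell -c "${ok%% *} '${ok#* }'"
fi
```

Because sshd puts whatever the client asked for in SSH_ORIGINAL_COMMAND and runs only the forced command, every key in the shared account reaches the repositories through this check and never gets a general shell.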
You need to change their shell to git-shell; that will give them access to git functions only.
Another way to do it is by limiting the users' access within ssh.
(http://prefetch.net/blog/index.php/2006/09/05/limiting-access-to-openssh-directives/)
The example uses just one user, but if the users are in the same group you can filter them out by using the group directive. Something like