kmx.io/git-auth/README.md
-
Show log
Commit
-
Hash : 3494bfc8
Author :
Thomas de Grivel
Date : 2020-03-09T14:08:05
document rules
GIT-AUTH
Synopsis
GIT_AUTH_ID=ID git-auth COMMAND [ARGS ...]</td>Description
git-auth starts by reading rules from /etc/git-auth.conf, one rule per line. Empty lines and lines starting with # are ignored. Each rule is made of tokens separated by one or more spaces.
git-auth executes COMMAND and ARGS using execvp if the requested ID, COMMAND and ARGS match any of the rules defined in /etc/git-auth.conf.
git-auth matches a rule by matching all the rule’s tokens with ID, COMMAND and ARGS in order. Comparison is case sensitive.
A wildcard token “*” matches any string.
Environment
- GIT_AUTH_ID : an arbitrary token to match with the rules. This is usually set for each public key in /home/git/.ssh/authorized_keys with environment=”GIT_AUTH_ID=…” ssh-rsa …
Configuration
Access control rules for each git repository go into
/etc/git-auth.conf.
The syntax of this file is one rule per line. Each rule is composed of symbols separated by spaces. In order :
-
A GIT_AUTH_ID value that was set in
/home/git/.ssh/authorized_keys. -
A
git-shellcommand : eithergit-upload-packfor read access, orgit-receive-packfor write access. -
A repository path, relative to
/home/git, example:thodg/config.git
Files
- /etc/git-auth.conf
- /home/git/.ssh/authorized_keys
Source
-
README.md
-
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45
# GIT-AUTH ## Synopsis GIT_AUTH_ID=ID git-auth COMMAND [ARGS ...]</td> ## Description **git-auth** starts by reading rules from /etc/git-auth.conf, one rule per line. Empty lines and lines starting with # are ignored. Each rule is made of tokens separated by one or more spaces. **git-auth** executes COMMAND and ARGS using execvp if the requested ID, COMMAND and ARGS match any of the rules defined in /etc/git-auth.conf. **git-auth** matches a rule by matching all the rule's tokens with ID, COMMAND and ARGS in order. Comparison is case sensitive. A wildcard token "*" matches any string. ## Environment * **GIT_AUTH_ID** : an arbitrary token to match with the rules. This is usually set for each public key in /home/git/.ssh/authorized_keys with environment="GIT_AUTH_ID=..." ssh-rsa ... ## Configuration Access control rules for each git repository go into `/etc/git-auth.conf`. The syntax of this file is one rule per line. Each rule is composed of symbols separated by spaces. In order : - A **GIT_AUTH_ID** value that was set in `/home/git/.ssh/authorized_keys`. - A `git-shell` command : either `git-upload-pack` for read access, or `git-receive-pack` for write access. - A repository path, relative to `/home/git`, example: `thodg/config.git` ## Files * /etc/git-auth.conf * /home/git/.ssh/authorized_keys