simplest git deamon?

simplest git deamon?

[Mihamina Rakotomandimby]

Manao ahoana, Hello, Bonjour,

I would like to setup a git repository, on a Debian machine.
I would like to access it only with git:// (no http://, no ssh://,...)

How to implement read/write restriction when just wanting to use
"git://" without dealing with SSH?

http://www.kernel.org/pub/software/scm/git/docs/everyday.html, at it's
bottom tlak about this but it requires SSH.
https://help.ubuntu.com/community/Git talks about gitosis, but it
requires keys.

I have the GIT repository setup, with the "git://"-only access scheme, 
but anyone may push into this.

I expected just a flat file the SVN way (But I dont want to use SVN):

  [users]
  alice: al_pass
  bob  : b_pass
  
  [groups]
  senior:alice,bob
  
  [permissions]
  @senior:all
  @anonymous:clone

How could I do that?

Misaotra, Thanks, Merci.

-- 
       Architecte Informatique chez Blueline/Gulfsat:
    Administration Systeme, Recherche & Developpement
                +261 34 29 155 34 / +261 33 11 207 36

Re: simplest git deamon?

[Shawn O. Pearce]

Mihamina Rakotomandimby <mihamina@gulfsat.mg> wrote:
> Manao ahoana, Hello, Bonjour,
> 
> I would like to setup a git repository, on a Debian machine.
> I would like to access it only with git:// (no http://, no ssh://,...)
> 
> How to implement read/write restriction when just wanting to use
> "git://" without dealing with SSH?
> 
> http://www.kernel.org/pub/software/scm/git/docs/everyday.html, at it's
> bottom tlak about this but it requires SSH.
> https://help.ubuntu.com/community/Git talks about gitosis, but it
> requires keys.
> 
> I have the GIT repository setup, with the "git://"-only access scheme, 
> but anyone may push into this.
> 
> I expected just a flat file the SVN way (But I dont want to use SVN):

Git isn't SVN.

The git:// daemon is *anonymous*.  It has no authentication
capability, nor will it probably ever learn how to authenticate
users.  Consequently you can't do what you want with it.

Instead of reinventing the wheel poorly, Git relies on external
servers to perform the authentication.  So if you want authenticated
access, you will need to use either SSH or HTTP.

If you use SSH, lots of people get by with Gitosis, as its fairly
simple to configure.  Another option is to use something much more
complex like Gerrit Code Review[1] that contains its own SSH server.

If you use HTTP, use the newer git-http-backend[2] that was
introduced in Git 1.6.6 (or later), running behind an Apache
HTTP server.

[1] http://code.google.com/p/gerrit/
[2] http://www.kernel.org/pub/software/scm/git/docs/git-http-backend.html
 
-- 
Shawn.

Re: simplest git deamon?

[Tomas Carnecky]

On 4/12/10 3:47 PM, Mihamina Rakotomandimby wrote:
> Manao ahoana, Hello, Bonjour,
>
> I would like to setup a git repository, on a Debian machine.
> I would like to access it only with git:// (no http://, no ssh://,...)
>
> How to implement read/write restriction when just wanting to use
> "git://" without dealing with SSH?

The git:// protocol is anonymous, not authenticated. If you want to 
allow read/write access to repositories while restricting access only to 
certain users, you'll have to use http:// or ssh:// (with the later 
strongly preferred). Try gitolite [1], it isn't that hard to set it up.

tom

[1] http://github.com/sitaramc/gitolite

Re: simplest git deamon?

[Matthieu Moy]

Mihamina Rakotomandimby <mihamina@gulfsat.mg> writes:

> Manao ahoana, Hello, Bonjour,
>
> I would like to setup a git repository, on a Debian machine.
> I would like to access it only with git:// (no http://, no ssh://,...)
>
> How to implement read/write restriction when just wanting to use
> "git://" without dealing with SSH?

You do want SSH: Git itself doesn't do encryption, so implementing
access control over plain git:// would be insecure. And Git prefered
to delegate access control to well established solution such as SSH.

I'd recommand having a second look at gitosis, or its variant
gitolite, which provide a configuration file mostly like what you
expect :

>   [users]
>   alice: al_pass
>   bob  : b_pass
>   
>   [groups]
>   senior:alice,bob
>   
>   [permissions]
>   @senior:all
>   @anonymous:clone

-- 
Matthieu Moy
http://www-verimag.imag.fr/~moy/

Re: simplest git deamon?

[Ilari Liusvaara]

On Mon, Apr 12, 2010 at 04:47:40PM +0300, Mihamina Rakotomandimby wrote:
> Manao ahoana, Hello, Bonjour,
> 
> I would like to setup a git repository, on a Debian machine.
> I would like to access it only with git:// (no http://, no ssh://,...)
> 
> How to implement read/write restriction when just wanting to use
> "git://" without dealing with SSH?

You can't. git:// in its base form does not support authentication.

Yes, one could extend git:// to support authentication and encryption
(been there, done that), but that isn't usable as client end requires
extra software not included in standard git install (that server end
requires extra software is comparatively no problem).

-Ilari