From: Konstantin Khomoutov <kostix+git@007spb.ru>
To: Ethan Reesor <firelizzard@gmail.com>
Cc: git <git@vger.kernel.org>
Subject: Re: Pushing a git repository to a new server
Date: Mon, 11 Feb 2013 11:50:40 +0400 [thread overview]
Message-ID: <20130211075040.GJ5210@localhost.localdomain> (raw)
In-Reply-To: <CAE_TNin0Kb_38gnx9W36VZ8CTxYBZ9T1Dkhar1DUFHyQUq7ebg@mail.gmail.com>
On Sun, Feb 10, 2013 at 04:00:56PM -0500, Ethan Reesor wrote:
> I'm looking to make a command to push a git repo to a new server. The
> way I just did it is as follows:
>
> localhost> git clone --bare /path/to/MyRepo /path/to/tmpdir/MyRepo.git
> localhost> tar xz /path/to/tmpdir/MyRepo.git | ssh myuser@remotehost
> tar cz \~/ # If I don't escape '~', my local machine expands it
> localhost> ssh myuser@remotehost
> remotehost> sudo chown -R git:git MyRepo.git
What's wrong with
$ ssh myuser@remotehost 'mkdir /path/to/MyRepo.git; cd $_; git init --bare'
$ git push --all git@remotehost:MyOtherRepo.git
?
> The reason I had to use my user is the git user's shell is git-prompt
There's no such thing as git-prompt. The restricted login shell for
SSH-only access typically used for such a "virtual" Git user is
git-shell.
> and ~git/git-shell-commands is empty. I have repos set up using
> 'git@remotehost:MyOtherRepo.git' as the remote and everything works.
>
> How do I make a git command that can talk to the server using
> git-prompt like the other commands do?
It's not really clear what do you want to achieve.
The reason the git-shell shell is *restricted* (read its manual page)
is to shrink the surface of possible attacks in the case the shell
account used for accessing Git repos over SSH is compromized (the key or
password stolen, for instance). This is achieved by only allowing
commands like git-upload-pack etc in the shell (no general file
manipulation commands etc). So what creating "git command that can
talk to the server using git-prompt ..." would really buy you?
I think the way to go is to start using gitolite [1] or implement by
hand a subset of what it does (a custom login shell which is allowed to
do certain things in a special area of the filesystem designated to keep
Git repositories) or just set up a special account on the server
("git-admin", for instance) which would have a regular login shell set
for it and would be in the same group as the user "git" (or even have
the same UID) so that they could share the files they create (subject to
active umasks of processes run as both users though).
1. https://github.com/sitaramc/gitolite
next prev parent reply other threads:[~2013-02-11 7:51 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-02-10 21:00 Pushing a git repository to a new server Ethan Reesor
2013-02-11 7:50 ` Konstantin Khomoutov [this message]
2013-02-11 7:57 ` Ethan Reesor
2013-02-11 12:45 ` Konstantin Khomoutov
2013-02-11 18:18 ` Ethan Reesor
2013-02-11 16:27 ` Jeff King
2013-02-11 18:17 ` Ethan Reesor
2013-02-12 11:28 ` Michael J Gruber
2013-02-12 20:42 ` Jeff King
2013-02-13 8:08 ` Michael J Gruber
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130211075040.GJ5210@localhost.localdomain \
--to=kostix+git@007spb.ru \
--cc=firelizzard@gmail.com \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).