]> git.ipfire.org Git - thirdparty/git.git/blame - Documentation/git-shell.txt
Merge branch 'js/t3404-typofix' into maint
[thirdparty/git.git] / Documentation / git-shell.txt
CommitLineData
d43367af
PB
1git-shell(1)
2============
3
4NAME
5----
70256a3a 6git-shell - Restricted login shell for Git-only SSH access
d43367af
PB
7
8
9SYNOPSIS
10--------
7791a1d9 11[verse]
cdd9b3c9
JN
12'chsh' -s $(command -v git-shell) <user>
13'git clone' <user>`@localhost:/path/to/repo.git`
14'ssh' <user>`@localhost`
d43367af
PB
15
16DESCRIPTION
17-----------
70256a3a 18
cdd9b3c9
JN
19This is a login shell for SSH accounts to provide restricted Git access.
20It permits execution only of server-side Git commands implementing the
21pull/push functionality, plus custom commands present in a subdirectory
22named `git-shell-commands` in the user's home directory.
70256a3a 23
cdd9b3c9
JN
24COMMANDS
25--------
26
23f8239b 27'git shell' accepts the following commands after the `-c` option:
cdd9b3c9
JN
28
29'git receive-pack <argument>'::
30'git upload-pack <argument>'::
31'git upload-archive <argument>'::
32 Call the corresponding server-side command to support
33 the client's 'git push', 'git fetch', or 'git archive --remote'
34 request.
35'cvs server'::
36 Imitate a CVS server. See linkgit:git-cvsserver[1].
37
38If a `~/git-shell-commands` directory is present, 'git shell' will
39also handle other, custom commands by running
40"`git-shell-commands/<command> <arguments>`" from the user's home
41directory.
42
43INTERACTIVE USE
44---------------
70256a3a 45
23f8239b 46By default, the commands above can be executed only with the `-c`
cdd9b3c9
JN
47option; the shell is not interactive.
48
49If a `~/git-shell-commands` directory is present, 'git shell'
50can also be run interactively (with no arguments). If a `help`
51command is present in the `git-shell-commands` directory, it is
52run to provide the user with an overview of allowed actions. Then a
53"git> " prompt is presented at which one can enter any of the
54commands from the `git-shell-commands` directory, or `exit` to close
55the connection.
56
57Generally this mode is used as an administrative interface to allow
58users to list repositories they have access to, create, delete, or
59rename repositories, or change repository descriptions and
60permissions.
61
35297089
JN
62If a `no-interactive-login` command exists, then it is run and the
63interactive shell is aborted.
64
76a8788c
NTND
65EXAMPLES
66--------
35297089
JN
67
68To disable interactive logins, displaying a greeting instead:
e28dcdce 69
35297089
JN
70----------------
71$ chsh -s /usr/bin/git-shell
72$ mkdir $HOME/git-shell-commands
73$ cat >$HOME/git-shell-commands/no-interactive-login <<\EOF
74#!/bin/sh
75printf '%s\n' "Hi $USER! You've successfully authenticated, but I do not"
76printf '%s\n' "provide interactive shell access."
77exit 128
78EOF
79$ chmod +x $HOME/git-shell-commands/no-interactive-login
80----------------
81
9a42c03c
JK
82To enable git-cvsserver access (which should generally have the
83`no-interactive-login` example above as a prerequisite, as creating
84the git-shell-commands directory allows interactive logins):
85
86----------------
87$ cat >$HOME/git-shell-commands/cvs <<\EOF
88if ! test $# = 1 && test "$1" = "server"
89then
90 echo >&2 "git-cvsserver only handles \"server\""
91 exit 1
92fi
93exec git cvsserver server
94EOF
95$ chmod +x $HOME/git-shell-commands/cvs
96----------------
97
cdd9b3c9
JN
98SEE ALSO
99--------
100ssh(1),
101linkgit:git-daemon[1],
102contrib/git-shell-commands/README
d43367af 103
d43367af
PB
104GIT
105---
9e1f0a85 106Part of the linkgit:git[1] suite