]> git.ipfire.org Git - thirdparty/git.git/blame_incremental - Documentation/git-shell.txt
projects / thirdparty / git.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
docs: mention when increasing http.postBuffer is valuable
[thirdparty/git.git] / Documentation / git-shell.txt
... / ...
CommitLineData
1git-shell(1)
2============
3
4NAME
5----
6git-shell - Restricted login shell for Git-only SSH access
7
8
9SYNOPSIS
10--------
11[verse]
12'chsh' -s $(command -v git-shell) <user>
13'git clone' <user>`@localhost:/path/to/repo.git`
14'ssh' <user>`@localhost`
15
16DESCRIPTION
17-----------
18
19This is a login shell for SSH accounts to provide restricted Git access.
20It permits execution only of server-side Git commands implementing the
21pull/push functionality, plus custom commands present in a subdirectory
22named `git-shell-commands` in the user's home directory.
23
24COMMANDS
25--------
26
27'git shell' accepts the following commands after the `-c` option:
28
29'git receive-pack <argument>'::
30'git upload-pack <argument>'::
31'git upload-archive <argument>'::
32 Call the corresponding server-side command to support
33 the client's 'git push', 'git fetch', or 'git archive --remote'
34 request.
35'cvs server'::
36 Imitate a CVS server. See linkgit:git-cvsserver[1].
37
38If a `~/git-shell-commands` directory is present, 'git shell' will
39also handle other, custom commands by running
40"`git-shell-commands/<command> <arguments>`" from the user's home
41directory.
42
43INTERACTIVE USE
44---------------
45
46By default, the commands above can be executed only with the `-c`
47option; the shell is not interactive.
48
49If a `~/git-shell-commands` directory is present, 'git shell'
50can also be run interactively (with no arguments). If a `help`
51command is present in the `git-shell-commands` directory, it is
52run to provide the user with an overview of allowed actions. Then a
53"git> " prompt is presented at which one can enter any of the
54commands from the `git-shell-commands` directory, or `exit` to close
55the connection.
56
57Generally this mode is used as an administrative interface to allow
58users to list repositories they have access to, create, delete, or
59rename repositories, or change repository descriptions and
60permissions.
61
62If a `no-interactive-login` command exists, then it is run and the
63interactive shell is aborted.
64
65EXAMPLES
66--------
67
68To disable interactive logins, displaying a greeting instead:
69
70----------------
71$ chsh -s /usr/bin/git-shell
72$ mkdir $HOME/git-shell-commands
73$ cat >$HOME/git-shell-commands/no-interactive-login <<\EOF
74#!/bin/sh
75printf '%s\n' "Hi $USER! You've successfully authenticated, but I do not"
76printf '%s\n' "provide interactive shell access."
77exit 128
78EOF
79$ chmod +x $HOME/git-shell-commands/no-interactive-login
80----------------
81
82To enable git-cvsserver access (which should generally have the
83`no-interactive-login` example above as a prerequisite, as creating
84the git-shell-commands directory allows interactive logins):
85
86----------------
87$ cat >$HOME/git-shell-commands/cvs <<\EOF
88if ! test $# = 1 && test "$1" = "server"
89then
90 echo >&2 "git-cvsserver only handles \"server\""
91 exit 1
92fi
93exec git cvsserver server
94EOF
95$ chmod +x $HOME/git-shell-commands/cvs
96----------------
97
98SEE ALSO
99--------
100ssh(1),
101linkgit:git-daemon[1],
102contrib/git-shell-commands/README
103
104GIT
105---
106Part of the linkgit:git[1] suite
Unnamed repository; edit this file 'description' to name the repository.