t4034: abstract away SHA-1-specific constants

[thirdparty/git.git] / Documentation / git-shell.txt

git-shell(1)
============

NAME
----
git-shell - Restricted login shell for Git-only SSH access


SYNOPSIS
--------
[verse]
'chsh' -s $(command -v git-shell) <user>
'git clone' <user>`@localhost:/path/to/repo.git`
'ssh' <user>`@localhost`

DESCRIPTION
-----------

This is a login shell for SSH accounts to provide restricted Git access.
It permits execution only of server-side Git commands implementing the
pull/push functionality, plus custom commands present in a subdirectory
named `git-shell-commands` in the user's home directory.

COMMANDS
--------

'git shell' accepts the following commands after the `-c` option:

'git receive-pack <argument>'::
'git upload-pack <argument>'::
'git upload-archive <argument>'::
	Call the corresponding server-side command to support
	the client's 'git push', 'git fetch', or 'git archive --remote'
	request.
'cvs server'::
	Imitate a CVS server.  See linkgit:git-cvsserver[1].

If a `~/git-shell-commands` directory is present, 'git shell' will
also handle other, custom commands by running
"`git-shell-commands/<command> <arguments>`" from the user's home
directory.

INTERACTIVE USE
---------------

By default, the commands above can be executed only with the `-c`
option; the shell is not interactive.

If a `~/git-shell-commands` directory is present, 'git shell'
can also be run interactively (with no arguments).  If a `help`
command is present in the `git-shell-commands` directory, it is
run to provide the user with an overview of allowed actions.  Then a
"git> " prompt is presented at which one can enter any of the
commands from the `git-shell-commands` directory, or `exit` to close
the connection.

Generally this mode is used as an administrative interface to allow
users to list repositories they have access to, create, delete, or
rename repositories, or change repository descriptions and
permissions.

If a `no-interactive-login` command exists, then it is run and the
interactive shell is aborted.

EXAMPLES
--------

To disable interactive logins, displaying a greeting instead:

----------------
$ chsh -s /usr/bin/git-shell
$ mkdir $HOME/git-shell-commands
$ cat >$HOME/git-shell-commands/no-interactive-login <<\EOF
#!/bin/sh
printf '%s\n' "Hi $USER! You've successfully authenticated, but I do not"
printf '%s\n' "provide interactive shell access."
exit 128
EOF
$ chmod +x $HOME/git-shell-commands/no-interactive-login
----------------

To enable git-cvsserver access (which should generally have the
`no-interactive-login` example above as a prerequisite, as creating
the git-shell-commands directory allows interactive logins):

----------------
$ cat >$HOME/git-shell-commands/cvs <<\EOF
if ! test $# = 1 && test "$1" = "server"
then
	echo >&2 "git-cvsserver only handles \"server\""
	exit 1
fi
exec git cvsserver server
EOF
$ chmod +x $HOME/git-shell-commands/cvs
----------------

SEE ALSO
--------
ssh(1),
linkgit:git-daemon[1],
contrib/git-shell-commands/README

GIT
---
Part of the linkgit:git[1] suite