Setting Up a Git Server Using Gitosis

Update: Since gitosis is no longer maintained or supported, please check out gitolite for setting up a new git server (see the comment from Sitaram Chamarty, the author of gitolite).


Gitosis is a piece of software written by Tommi Virtanen for hosting git repositories. It manages multiple repositories under the same user account and uses SSH public keys to identify users. Users do not need shell accounts on the git server; all operations are done under the shared account.

One benefit of using gitosis is that we can give different users read/write access to different repositories. Another benefit is easier user and repository management. The management is done through a special repository named gitosis-admin.git on the server.

Let’s look at how to set up a git server using gitosis. Here we want to set up a git server on example.org. Please refer to Managing Repositories on Git Server Using Gitosis and Howto for New Git Users for how to manage and use the repositories managed by gitosis.

Install git and gitosis on the server

First, log in to the git server with “ssh username@example.org”. The username is an account that can sudo, or a user who knows root’s password on the git server.

Then install gitosis and git. On the Fedora system, the command is like this:

$ sudo yum install git gitosis

or

$ su -c 'yum install git gitosis'

The command may be different on other platforms.

Create the server side git user and home

We need to create a Linux account to serve as the shared account. It is usually named git, but any account name can be used. The repositories are stored in git’s home directory.

Log on to the git server with ssh username@example.org, where username is an account that can sudo or a user who knows root’s password on the git server.

$ sudo useradd -m -d /home/git -u 1005 git

Here we assume git’s home directory is /home/git.

Setup gitosis administration repository

First create the administrator’s SSH public key if you haven’t got one. On the administrator’s local machine:

$ ssh-keygen -t rsa

Then copy it to the git server’s /tmp/ directory:

$ scp ~/.ssh/id_rsa.pub username@example.org:/tmp/id_rsa.pub

Log on to the git server with an account that has the privilege to sudo or su. Then:

$ sudo su - git
$ cd
$ gitosis-init < /tmp/id_rsa.pub

Now we have created the gitosis administration repository on git server. The default repository directory is ~/repositories/ under git’s home directory.

Then the administrator can clone the gitosis-admin repository on their local machine:

$ git clone git@example.org:gitosis-admin.git

There is one configuration file and one directory in gitosis-admin:

gitosis.conf  keydir

gitosis.conf is the configuration file for gitosis. keydir is used to store the users’ public SSH keys. These files are used to manage repositories and users by the administrator. A git server has been set up by now. Management work can be done by editing the files in the gitosis-admin repository and pushing it to the git server.
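A check worth running on the server at this point, as an added example that is not part of the original post: it audits the git account's ~/.ssh/authorized_keys and reports any key that is not confined to gitosis. It assumes gitosis writes each entry with a forced command of the form shown in the script's comment; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the shared git account's authorized_keys file.
# Assumption: gitosis-managed entries look like
#   command="gitosis-serve USER",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty KEY
# Any key entry without that forced command gives its holder a normal login as git.

# Usage: audit_authorized_keys [FILE]   (reads stdin when FILE is omitted)
# Prints "LINE: finding" for every entry that is not fully restricted.
audit_authorized_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
        !/^command="gitosis-serve [^"]+"/ {
            print NR ": no gitosis-serve forced command"; next
        }
        {
            rest = $0
            sub(/^command="[^"]*"/, "", rest)        # drop the forced command
            sub(/[ \t].*$/, "", rest)                # keep only the other options
            rest = rest ","
            n = split("no-port-forwarding no-X11-forwarding no-agent-forwarding no-pty", need, " ")
            for (i = 1; i <= n; i++)
                if (index(rest, "," need[i] ",") == 0)
                    print NR ": missing " need[i]
        }
    ' "${1:--}"
}

# Constructed sample input (key material is placeholder text, not real keys).
sample_authorized_keys() {
    cat <<'EOF'
# constructed sample
command="gitosis-serve alice@laptop",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAPLACEHOLDER1 alice@laptop
ssh-rsa AAAAPLACEHOLDER2 bob@desktop
command="gitosis-serve carol@ws",no-port-forwarding,no-pty ssh-rsa AAAAPLACEHOLDER3 carol@ws
EOF
}

sample_authorized_keys | audit_authorized_keys
```

On a real server, run it as audit_authorized_keys /home/git/.ssh/authorized_keys; empty output means every key is restricted to gitosis-serve.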

Public access

We may want to give everyone read-only access to a public project without using SSH keys. We can use git-daemon for this. It is a daemon independent of gitosis and it comes with git itself.

First log on to the git server as a privileged user, and then use this command to export all the repositories to public users:

$ sudo -u git git-daemon --base-path=/home/git/repositories/ --export-all

Someone can then clone repository example.git like this:

$ git clone git://example.org/example.git

Note the difference in the repository address.

If we only want to export selected repositories, we should remove “--export-all” from the above command. Then, to export example.git to others, we need to log on to the git server (a privileged account is needed), go to the repository’s directory (/home/git/repositories/example.git for this example), and create a file named git-daemon-export-ok:

$ touch git-daemon-export-ok

This repository is now exported to the public, while the others are kept private (unless they are also marked as public).
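To see what each of the two modes above actually exposes, the following added example (not from the original post) reports which repositories under the git-daemon base path are readable over git://. It flags gitosis-admin.git, which holds gitosis.conf and the users' public keys, if it would be public; the function names and the temporary directory layout are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which repositories git-daemon would serve to anyone.
# Usage: export_report BASE_PATH [--export-all]
#   without --export-all, a repository is public only if it contains
#   the marker file git-daemon-export-ok
export_report() {
    base=${1%/}
    mode=${2:-}
    find "$base" -type d -name '*.git' -prune | LC_ALL=C sort |
    while IFS= read -r repo; do
        name=${repo#"$base"/}
        if [ "$mode" = "--export-all" ] || [ -e "$repo/git-daemon-export-ok" ]; then
            state=PUBLIC
        else
            state=private
        fi
        # gitosis-admin.git contains gitosis.conf and keydir (users' public keys)
        if [ "$state" = PUBLIC ] && [ "$name" = gitosis-admin.git ]; then
            state="PUBLIC (admin repository exposed)"
        fi
        printf '%s\t%s\n' "$state" "$name"
    done
}

# Constructed sample layout in a temporary directory: three empty *.git
# directories, one of them marked for export.
demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/example.git" "$d/internal.git" "$d/gitosis-admin.git"
    touch "$d/example.git/git-daemon-export-ok"
    printf '%s\n' "$d"
}

tree=$(demo_tree)
echo "selective export:";   export_report "$tree"
echo "with --export-all:";  export_report "$tree" --export-all
rm -rf "$tree"
```

On the server from this article the call would be export_report /home/git/repositories, with --export-all added if the daemon is started with that flag.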

About Eric Zhiqiang Ma

Eric Zhiqiang Ma is a PhD candidate at Dep. of CSE, HKUST. He is interested in system software for cloud computing, virtualization of large-scale distributed systems and etc. The views or opinions expressed here are solely Eric's own and do not necessarily represent those of any third parties.

0 thoughts on “Setting Up a Git Server Using Gitosis”

  1. Excellent! Grammar nitpick though: You start with, “Gitosis is a software…” No, Gitosis is a piece of software. “Software” is a word like “hardware” or “clothing” — you have a piece of hardware or a piece of clothing, not “a hardware” or “a clothing.” Thanks!

    1. Thanks for pointing out my grammar mistakes. BTW: If you are setting up a new git server, please try the maintained gitolite (also check the updated information at the beginning of the post).

  2. hey great tutorial mate,

    everything works, except if i push the edited gitosis.conf to the server, it doesn’t change the config on the server. And i don’t know what i need to do to fix this.

    1. ~/.gitosis.conf is a soft link to the gitosis.conf file in the gitosis-admin.git repository on the git server. You may take a look at whether the gitosis.conf changes and whether the soft link is correct.

      Otherwise, you may take a look at the message git prints out when you execute ‘git commit’ then ‘git push’. The message may help.

  3. @Malvolio

    No. We don’t know the git user’s secret identity file (the private/public key). Everyone including the administrator only gives out the public key while they have their own private key which is not the git user’s. Even the administrator cannot log on to the git server using their own key.

    Of course, when adding the *first* administrator, the operation should be done as the git user or root on the git server. After that, the gitosis-admin.git repository can be treated as a normal repository and the administrator(s) can add more administrator(s) to it.

  4. That can’t be right. *Everyone* who wants to clone the admin repository must have the secret identity file of the git users? C’mon, that’s a horrible security hole.

  5. Hi

    This is the most excellent article i have read on GIT … Simple & straight .. for any newbie to git installation .. infact u solved most of the issues that i was stuck wid ..

    Thanks a lot for ur wonderful article ..

    Can u please clarify the following instructions purpose .. as i am facing an issue at this point ..

    Now we have created the gitosis administration repository on git server. The default repository directory is ~/repositories/ under git’s home directory.

    Then the administrator can get the gitosis-admin repository from the git server on local machine:

    $ git clone git@example.org:gitosis-admin.git

    When i do the same i get the following output

    [git@root ~]$ gitosis-init </tmp/id_rsa.pub
    Initialized empty Git repository in /home/git/repositories/gitosis-admin.git/
    Reinitialized existing Git repository in /home/git/repositories/gitosis-admin.git/
    [git@root ~]$ git clone git@coderepo.com:gitosis-admin.git
    Initialized empty Git repository in /home/git/gitosis-admin/.git/
    The authenticity of host 'coderepo.com (208.113.196.139)' can't be established.
    RSA key fingerprint is bc:f9:b5:55:4b:2c:07:d7:42:8c:00:2a:8d:f0:2c:de.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'coderepo.com,208.113.196.139' (RSA) to the list of known hosts.
    git@coderepo.com's password:
    Permission denied, please try again.
    git@coderepo.com's password:
    Permission denied, please try again.
    git@coderepo.com's password:
    Connection closed by 208.113.196.139
    fatal: The remote end hung up unexpectedly
    [git@root ~]$ git clone git@coderepo.com:gitosis-admin.git
    Initialized empty Git repository in /home/git/gitosis-admin/.git/
    git@coderepo.com's password:
    Permission denied, please try again.
    git@coderepo.com's password:
    Permission denied, please try again.
    git@coderepo.com's password:
    Permission denied (publickey,password).
    fatal: The remote end hung up unexpectedly

    Please help .. ASAP !!

    Thank you once again for your time & patience ,.. most important .. this article .. A well written, simple to understand .. easy to use document is more worthy than a 100hrs training !!

    1. Hi S Karthik Kumar,

      Thanks!

      "gitosis-init < /tmp/id_rsa.pub" should be done by "git" (the git Linux user) on the gitosis server.
      "git clone git@coderepo.com:gitosis-admin.git" should be done on the local machine by the user whose private key under "~/.ssh/id_rsa" is the private part for the "/tmp/id_rsa.pub" in the previous command.

      Please check these files under git account on gitosis server:
      ~/.ssh/authorized_keys
      ~/.gitosis.conf
      ~/repositories/gitosis-admin.git/gitosis.conf (soft linked to ~/.gitosis.conf)
      These files contain gitosis' configuration information.
