[Not accepted] Git-shell not in the list of login shells

Impact
An easy way to set up a git user for hosting git repos.

User Story
If hosting git repositories and controlling access with ssh keys, the nologin shell cannot be used.

An admin user can change the shell when logged in, of course, but it would be nice to have it in the GUI too.

As an alternative, have you considered running Gitea or GitLab in Docker?

This works very well for me.


Yes, but those are huge overkill when you don’t need issue management, pull requests, etc., just a remote repo. It is not that I could not achieve what I want, I just think it makes sense:

  1. If tmux is in the list, I don’t see why not git-shell. Granted, bash would do, but if we want to promote the spirit of minimum privileges…
  2. If someone not super versed in admin, who does not know of git-shell, wants to set up a git user to host some git repositories, they get an obvious choice for the shell.

I’m not sure what git-shell is or why you’d need it, but here is how you set up a “minimal” git server.

Server side:

  1. Create a user on the server called git.
  2. Set the git user’s home directory to the repository directory on the server. Example: /var/db/repositories/git.

Local side:

  1. Add an entry to your ~/.ssh/config file for easier entry.
    # git.local, or whatever your server is called.
    Host git.local
            User git
            Hostname 192.168.x.x
            IdentityFile ~/.ssh/id_rsa
  2. (Optional) Add your public key for the git user so you don’t have to use a password.
    % ssh-copy-id -i ~/.ssh/id_rsa.pub git.local
  3. Create a bare repository.
    % cd ~/.git-repositories
    % git init --bare temp.git
  4. Put it on the server.
    % scp -r temp.git git@git.local:git/temp.git
  5. Clone from the server.
    % git clone git@git.local:git/temp.git

NOTE: Rinse and repeat steps 3-4 as often as necessary.

Hi John,

Thanks for the response. That’s exactly what I did.

Create a user on the server called git.

That is fine, except that user has an operating shell, bash by default. It is not the end of the world, especially if you are firewalled off, but git-shell is designed to give git user minimum capabilities. A matter of habit, if you wish.

Created a pull request 15273

Use rbash?

I mean a jail would be more secure but…

That’s an option, but still the same problem - it is not in the list.

What list?
You cannot start bash with the name rbash or the --restricted switch?

Ah yes, sorry, did not see it there. It seems that I can achieve the same with rbash. Thanks.


Not a problem. Just glad I could help.
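
Added example (not part of the original thread): a small POSIX shell audit of the point raised above, that a git-hosting account left on bash keeps a full login shell while git-shell or rbash restricts it, and that a shell missing from the list of valid login shells cannot be picked. The list is assumed to be an /etc/shells-style file; the accounts gitlocked and svc, the function names, and the sample passwd and shells contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the login shell of git-hosting accounts.

# Print the login shell (7th passwd field) of account $1 in passwd file $2.
login_shell_of() { awk -F: -v u="$1" '$1 == u { print $7; exit }' "$2"; }

# Classify a shell path by its basename. rbash is bash started under that name.
classify_shell() {
    case "${1##*/}" in
        git-shell|rbash) echo restricted ;;   # limited command set
        nologin|false)   echo no-login ;;     # also blocks git over ssh
        *)               echo interactive ;;  # full shell for any key holder
    esac
}

# Succeed if shell $1 appears in shells file $2 (comment lines ignored).
shell_is_listed() { grep -v '^[[:space:]]*#' "$2" | grep -qxF -- "$1"; }

# Print "<user>: <shell> <class> <listed|unlisted>" for account $1.
audit_git_user() {
    sh_path=$(login_shell_of "$1" "$2")
    if [ -z "$sh_path" ]; then echo "$1: no such account"; return 0; fi
    if shell_is_listed "$sh_path" "$3"; then listed=listed; else listed=unlisted; fi
    echo "$1: $sh_path $(classify_shell "$sh_path") $listed"
}

# Constructed sample data (not from a real system).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
git:x:1001:1001:git hosting:/var/db/repositories/git:/bin/bash
gitlocked:x:1002:1002:git hosting:/var/db/repositories/git2:/usr/bin/git-shell
svc:x:1003:1003:service:/nonexistent:/usr/sbin/nologin
EOF
cat > "$SAMPLE_DIR/shells" <<'EOF'
# constructed list of valid login shells
/bin/sh
/bin/bash
/bin/rbash
/usr/bin/tmux
EOF

for u in git gitlocked svc; do
    audit_git_user "$u" "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/shells"
done
```

On a real host, pass /etc/passwd and /etc/shells instead of the sample files; an "interactive" result for the git account is the case the thread is trying to avoid.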