Today I was trying to get the hang of setting up a remote git repository for shared ssh use by several developers at my day job. I wanted anyone with ssh access to be able to check out the repository, but only those in a specific group to have write access (i.e., a commit bit if you will). So, let’s dive right in using language most folks likely to read this article would associate with classic SCM tools like cvs and svn. Assume two machines with ssh already configured correctly for the users devlord and devserf.
- repo – machine that will hold the master remote repository
- local – local machine that will hold the checked out repository
devlord is in the git group, but devserf is not. Assuming we already have a code base on local let’s get that checked into a new git repository.
cd /var/www/myproj git init
Now configure repo machine.
su - root<br />adduser git<br />mkdir -p /var/git<br />chmod 775 /var/git<br />su git<br />cd /var/git<br />mkdir -p myproj<br />cd myproj<br />git init --bare --shared=0664<br />
The –bare tells git that it will only hold file deltas and binary information for future checkout. It’s the master repository not an actual working repository.
Let’s head back to local and finish up getting our myproj code base into the master repository on repo.
cd /var/www/myproj
git remote add origin ssh://devlord@repo/var/git/myproj
git push origin master
I don’t fully understand origin yet, but it’s akin to a local branch and the master is elsewhere – in this case on repo. The second command pushed local myproj over to the master myproj repo.
Now devserf can checkout a copy of myproj on local.
cd /home/devserf
git clone ssh://devserf@repo/var/git/myproj
However, if devserf modifies myproj and wants to push their changes back to master myproj at repo it will fail because they are not in the git group on repo. Only users in the git group on repo, like devlord, are allowed to make commits back to the master.