Gitolite is a git repository manager that lets users access git repositories on your server. The best part about gitolite
is that you only need one linux user account, and you can change user access permissions to different repositories on
the fly. You can also restrict access to a repository based on an individual commit, branch, tag, etc. This makes gitolite a
great tool for corporate environments or if you want to allow a client to check out the latest source code you're
developing for them.
Gitolite runs great on any linux server, such as Ubuntu, Mint, Mepis, Fedora, etc. This tutorial assumes you have git
installed on your server and know how to use ssh and how SSH public key authentication works. In this tutorial, we'll be
using two computers, the server(where all the repositories will be stored) and the workstation(where you will push/pull
git repositories). I'm assuming that the workstation is also a unix/linux machine. Of course, you can use windows as well.
Also, the workstation and server can be located on the same machine.
Step 1- Set up git user and create ssh public
# On The Server
sudo useradd git # Create git user
sudo passwd git # Create git user's password. Remember This.
sudo su git # switch to git user
echo "PATH=$HOME/bin:$PATH" > ~/.bashrc # Allows you to set up gitolite
# On Workstation as bob (This can also be a user on the same server as gitolite)
ssh-keygen # Generate follow steps, use NO password
scp ~/.ssh/id_rsa.pub git@[host]:bob.pub # copy your pubkey to the git user's home directory, this will be used when
installing gitolite. Substitute "localhost" for [host] if bob is a user on the same machine as git.
Step 2 - Install gitolite
Now we're going to install gitolite from Sitaram's official
github repository. Start by logging in as the git user on your server.
# Install gitolite
git clone git://github.com/sitaramc/gitolite.git
gitolite/src/gl-system-install # install gitolite
gl-setup ~/bob.pub # use bob's pubkey so he can administer gitolite
Step 3 - Configure gitolite-admin
Gitolite administration is done in a git repository called gitolite-admin, stored in the git user's default repo
directory(~/repositories). In order to make changes to gitolite, the administrator (bob) needs to clone
this repository to his account, make the changes, and push them back to the server. As bob, Let's go
ahead and do this.
git clone git@[host]:gitolite-admin.git
Since gitolite-admin is a git repository itself, you can administer it from multiple machines, and you can also specify who
has administrative access to gitolite, just like any other repo. Nice!
Step 4 - Adding Users
Let's add a user to gitolite. This user will be named alice, and we're going to give her read access to
the myrepo repository. Since all gitolite authentication is done with ssh public keys, alice will need to give
you her public key. Let's assume you have placed her public key in a file called alice.pub, stored in your home
cd ~/gitolite-admin # change to the gitolite admin repository
cp ~/alice.pub keydir # copy alice's public key to gitolite-admin
Next, let's specify alice's permissions in the gitolite configuration file, stored in conf/gitolite.conf:
RW+ = bob # let bob read, write, and rewind
R = alice
Save your changes to this file, make a commit, push your changes to gitolite, and you're done! Alice now has read access
to the repository.
Cloning a repository for the first time
Since alice now has read access to myrepo, she needs to clone it to her workstation. Here's what alice will type in:
git clone [user]@[host]:[repo].git # ie: git clone email@example.com:myrepo.git
Limiting access to a specific branch, tag, etc.
You can also limit access to a repository based on a particular branch, tag, commit, etc.
RW alice$ = alice # let alice read/write to the 'alice' branch
RW ali- = alice # let alice read/write to any branch that starts with 'ali'
RW refs/tags/v[0-9] = alice # let alice read/write to any tag v0-v9
This is just the tip of the iceberg! Gitolite allows you to use macros for user/repository groups, and much more. Be sure
to check out the official documentation below.