'\" t
.\" Title: git-shell
.\" Author: [FIXME: author] [see http://www.docbook.org/tdg5/en/html/author]
.\" Generator: DocBook XSL Stylesheets vsnapshot
.\" Date: 10/07/2024
.\" Manual: Git Manual
.\" Source: Git 2.47.0
.\" Language: English
.\"
.TH "GIT\-SHELL" "1" "10/07/2024" "Git 2\&.47\&.0" "Git Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
git-shell \- Restricted login shell for Git\-only SSH access
.SH "SYNOPSIS"
.sp
.nf
\fIchsh\fR \-s $(command \-v git\-shell)
\fIgit clone\fR \fB@localhost:/path/to/repo\&.git\fR
\fIssh\fR \fB@localhost\fR
.fi
.sp
.SH "DESCRIPTION"
.sp
This is a login shell for SSH accounts to provide restricted Git access\&. It permits execution only of server\-side Git commands implementing the pull/push functionality, plus custom commands present in a subdirectory named \fBgit\-shell\-commands\fR in the user\(cqs home directory\&.
.SH "COMMANDS"
.sp
\fIgit shell\fR accepts the following commands after the \fB\-c\fR option:
.PP
\fIgit receive\-pack \fR, \fIgit upload\-pack \fR, \fIgit upload\-archive \fR
.RS 4
Call the corresponding server\-side command to support the client\(cqs \fIgit push\fR, \fIgit fetch\fR, or \fIgit archive \-\-remote\fR request\&.
.RE
.PP
\fIcvs server\fR
.RS 4
Imitate a CVS server\&. See \fBgit-cvsserver\fR(1)\&.
.RE
.sp
If a \fB~/git\-shell\-commands\fR directory is present, \fIgit shell\fR will also handle other, custom commands by running "\fBgit\-shell\-commands/ \fR" from the user\(cqs home directory\&.
.SH "INTERACTIVE USE"
.sp
By default, the commands above can be executed only with the \fB\-c\fR option; the shell is not interactive\&.
.sp
If a \fB~/git\-shell\-commands\fR directory is present, \fIgit shell\fR can also be run interactively (with no arguments)\&. If a \fBhelp\fR command is present in the \fBgit\-shell\-commands\fR directory, it is run to provide the user with an overview of allowed actions\&. Then a "git> " prompt is presented at which one can enter any of the commands from the \fBgit\-shell\-commands\fR directory, or \fBexit\fR to close the connection\&.
.sp
Generally this mode is used as an administrative interface to allow users to list repositories they have access to, create, delete, or rename repositories, or change repository descriptions and permissions\&.
.sp
If a \fBno\-interactive\-login\fR command exists, then it is run and the interactive shell is aborted\&.
.SH "EXAMPLES"
.sp
To disable interactive logins, displaying a greeting instead:
.sp
.if n \{\
.RS 4
.\}
.nf
$ chsh \-s /usr/bin/git\-shell
$ mkdir $HOME/git\-shell\-commands
$ cat >$HOME/git\-shell\-commands/no\-interactive\-login <<\eEOF
#!/bin/sh
printf \*(Aq%s\en\*(Aq "Hi $USER! You\*(Aqve successfully authenticated, but I do not"
printf \*(Aq%s\en\*(Aq "provide interactive shell access\&."
exit 128
EOF
$ chmod +x $HOME/git\-shell\-commands/no\-interactive\-login
.fi
.if n \{\
.RE
.\}
.sp
.sp
To enable git\-cvsserver access (which should generally have the \fBno\-interactive\-login\fR example above as a prerequisite, as creating the git\-shell\-commands directory allows interactive logins):
.sp
.if n \{\
.RS 4
.\}
.nf
$ cat >$HOME/git\-shell\-commands/cvs <<\eEOF
#!/bin/sh
# Accept exactly one argument, and only "server"\&.
if test $# != 1 || test "$1" != "server"
then
        echo >&2 "git\-cvsserver only handles \e"server\e""
        exit 1
fi
exec git cvsserver server
EOF
$ chmod +x $HOME/git\-shell\-commands/cvs
.fi
.if n \{\
.RE
.\}
.sp
.SH "SEE ALSO"
.sp
ssh(1), \fBgit-daemon\fR(1), contrib/git\-shell\-commands/README
.SH "GIT"
.sp
Part of the \fBgit\fR(1) suite
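.sp
The rule stated under INTERACTIVE USE and the prerequisite noted for the cvs example, as an added example that is not part of Git or of this manual page: a shell audit that reads passwd(5)\-format lines and reports, for each account whose login shell is git\-shell, whether interactive login is possible\&. The function names, mode labels and sample accounts are constructed for illustration\&.

```shell
# Added example, not Git's own code. Function names and the three mode
# labels are hypothetical; the rules are those under INTERACTIVE USE.

# Classify one home directory:
#   command-only         no git-shell-commands directory: only -c requests
#   interactive-blocked  no-interactive-login exists: it runs, shell aborts
#   interactive-enabled  directory exists, nothing aborts the "git> " prompt
git_shell_login_mode() {
    dir="$1/git-shell-commands"
    if [ ! -d "$dir" ]; then
        echo command-only
    elif [ -e "$dir/no-interactive-login" ]; then
        echo interactive-blocked
    else
        echo interactive-enabled
    fi
}

# Read passwd(5)-format lines from file $1 and print "user mode" for every
# account whose login shell is git-shell.
audit_git_shell_accounts() {
    while IFS=: read -r user pw uid gid gecos home shell; do
        case "$shell" in
            */git-shell) echo "$user $(git_shell_login_mode "$home")" ;;
        esac
    done <"$1"
}

# Constructed sample: four accounts under a temporary directory.
demo_audit() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/alice" "$root/bob/git-shell-commands" \
             "$root/carol/git-shell-commands"
    : >"$root/bob/git-shell-commands/cvs"      # cvs added, login not disabled
    : >"$root/carol/git-shell-commands/cvs"
    : >"$root/carol/git-shell-commands/no-interactive-login"
    cat >"$root/passwd" <<EOF
alice:x:1001:1001::$root/alice:/usr/bin/git-shell
bob:x:1002:1002::$root/bob:/usr/bin/git-shell
carol:x:1003:1003::$root/carol:/usr/bin/git-shell
dave:x:1004:1004::$root/dave:/bin/bash
EOF
    audit_git_shell_accounts "$root/passwd"
    rm -rf "$root"
}

demo_audit
```

An account reported as interactive\-enabled is one where a custom command such as cvs was installed without the no\-interactive\-login prerequisite\&.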