On Wed, 2 Oct 2013 13:36:42 -0700 (PDT)
job...@students.rowan.edu wrote:

> I am trying to prevent users from attempting certain operations on my 
> repository which is located on a Linux server by employing
> Server-Side hooks. The Git manual recommends creating a shell wrapper
> script to set a USER environment variable, which will then be used to
> restrict certain permissions. I looked for the better part of
> yesterday for a guide on how to do this (*as I'm new to both unix and
> git*), but was unable to find anything definitive. So I started
> piecing things together and trying different options.

First, can't you just install gitolite [1] and make it handle
everything for you automagically?  It supports virtual Git users (that
is, it requires only a single account in the system while individual
developers authenticate using their own SSH public keys, and are
distinguished based on this; by the way to implement this it uses the
same feature of the authorized_keys file you're attempting to exploit)
and provides for per repository- and per-branch access controls,
including groups of developers etc.  Both access rules and developers'
public keys are managed using a special administrative Git repository.

> After wasting
> close to two days now I am sitting at a solution I feel should work,
> but am unable to actually clone a directory at. 
> I have defined the following bash script:
> #!/bin/bash
> export USER=$1
> /bin/bash
> In the authorized_keys file I call this script with a user parameter
> whom would be logging in. At this point, git would use the update
> script (which is not currently in place) and do whatever it needs to
> do. However I've been attempting a basic clone and I'm stuck at the
> command line after the .git folder has been created, and before any
> files have been brought down. Can you link me to a guide for this or
> explain what I'm doing wrong? 

Well, could you explain this in a bit more detail?
Does the repository you're attempting to clone have any commits
recorded in it?  Does Git client errors out when cloning?

Next, I fail to see why Git would use the update script (do you mean
hook?) if you do cloning?  An update hook script, if present, is called
by Git which is receiving changes which are being *pushed* to the
repository by another Git process; when you clone, this does not happen
as you're *fetching* the changes.

In the end, I suspect you're on a wrong track: hooks are there to
affect Git's behaviour but they do not implement the behaviour.
I mean, when you push commits to another repository via SSH, a special
process, git-receive-pack, is spawned on the remote machine, and then it
communicates with the git-send-pack process running on your local
machine; they communicate over the tunnel set up by SSH.  Hooks are
called at key points of git-receive-pack's transision through its
action sequence defined by the exchange protocol.  So if you want to
subvert git-receive-pack (that's what you're trying to do, as I
understand) then you should employ forced commands in your
authorized_keys file, and that forced command should be a script which
ultimately calls $SSH_ORIGINAL_COMMAND after performing the require
setup.  Refer to the authorized_keys manual page.

1. https://github.com/sitaramc/gitolite

You received this message because you are subscribed to the Google Groups "Git 
for human beings" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to git-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to