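Git is a distributed version control system.
It is powerful, but its user permission management is weak.
With Gitosis, you can easily add users and permissions for individual git repositories.
The installation and configuration process is recorded below: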

1. Make sure python and the setuptools package are installed on the server

2. Get and install gitosis


git clone git://eagain.net/gitosis.git
cd gitosis
python setup.py install


3. Create a git user


useradd git


4. On the client machine that will administer gitosis, generate an RSA public key


ssh-keygen -t rsa
mv id_rsa.pub ysz.pub
scp ysz.pub xxxxx:~/.ssh/


5. Initialize gitosis


sudo -H -u git gitosis-init < ~/.ssh/ysz.pub
chmod 755 /home/git/repositories/gitosis-admin.git/hooks/post-update


6. Configure gitosis from the client

git clone git@192.168.95.26:gitosis-admin.git


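Note: if the Gitosis administrator also gets "read access denied" when cloning,
you can edit the configuration file directly in the gitosis directory on the server.
The path is usually /home/git/repositories/gitosis-admin.git/gitosis.conf

An example gitosis.conf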


[gitosis]
loglevel = DEBUG

[group gitosis-admin]
writable = gitosis-admin
members = ysz

[group mailcenter]
writable = gitosis_test gitosis_test2
members = ysz baboy

[group mailcenter_ro]
readonly = gitosis_test
members = ysz_pc

[repo gitosis_test2]
description = gitosis test2 project
owner = ysz


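With this configuration, ysz and baboy have read and write access to both the gitosis_test and gitosis_test2 repositories.
ysz_pc, however, has read-only access to gitosis_test: it can clone and pull, but not push.
Note: when adding a new user, copy the corresponding userid.pub file into the keydir directory and push the change.
After that, the corresponding userid can clone: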

git clone git@xxxxx:gitosis_test.git
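
The access rules described for the example gitosis.conf above can be checked mechanically. The following is an added example, not part of the original post or of gitosis itself: it parses the sample configuration and computes each member's effective access per repository. The function names effective_access and can_push are hypothetical, and nested "@group" members are not expanded.

```python
import configparser

# Constructed sample: the gitosis.conf shown above on this page.
SAMPLE_CONF = """
[gitosis]
loglevel = DEBUG

[group gitosis-admin]
writable = gitosis-admin
members = ysz

[group mailcenter]
writable = gitosis_test gitosis_test2
members = ysz baboy

[group mailcenter_ro]
readonly = gitosis_test
members = ysz_pc

[repo gitosis_test2]
description = gitosis test2 project
owner = ysz
"""

def effective_access(conf_text):
    """Return {user: {repo: 'rw' | 'r'}} from the [group ...] sections."""
    cp = configparser.RawConfigParser()
    cp.read_string(conf_text)
    access = {}
    for section in cp.sections():
        if not section.startswith("group "):
            continue  # [gitosis] and [repo ...] sections grant nothing
        members = cp.get(section, "members", fallback="").split()
        grants = [(r, "rw") for r in cp.get(section, "writable", fallback="").split()]
        grants += [(r, "r") for r in cp.get(section, "readonly", fallback="").split()]
        for user in members:
            repos = access.setdefault(user, {})
            for repo, mode in grants:
                # a writable grant in any group wins over a readonly grant
                if repos.get(repo) != "rw":
                    repos[repo] = mode
    return access

def can_push(access, user, repo):
    return access.get(user, {}).get(repo) == "rw"

if __name__ == "__main__":
    for user, repos in sorted(effective_access(SAMPLE_CONF).items()):
        print(user, repos)
```

Running it against a copy of the real gitosis.conf before pushing gitosis-admin shows who would gain write access, including to gitosis-admin itself.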


7. To make a repository public, so that it can be accessed without an RSA public key,
first start git daemon

sudo -u git git daemon --base-path=/home/git/repositories/


Then, in the directory of the repository to be shared

touch git-daemon-export-ok


Now anyone can clone it:

git clone git://xxxxx/gitosis_test2


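Note: a repository cloned over the git protocol has no push permission by default.
To open up anonymous push, add the --enable=receive-pack parameter. The git protocol has no authentication, so with this option anyone who can reach the daemon can push to the exported repositories.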

sudo -u git git daemon --enable=receive-pack --base-path=/home/git/repositories/


To run git-daemon as a daemon, edit /etc/xinetd.d/git

service git
{
disable = no
socket_type = stream
wait = no
user = git
group = git
server = /usr/local/libexec/git-core/git-daemon
server_args = --inetd --syslog --verbose --base-path=/home/git/repositories/ --enable=receive-pack
}


Then restart xinetd

service xinetd restart