自己的服務器到期,轉移自己博客內容至此。
之前寫的 搭建git服務器 適合小團隊。當團隊人數較多時,可將git權限集中管理。
一、創建git用戶,禁止git用戶直接登陸
[root@git ~]# adduser --system --shell /bin/sh --create-home --home-dir /home/git git [root@git ~]# cd /home/git [root@git git]# mkdir repositories [root@git git]# chown git:git -R ./repositories [root@git git]# chmod 700 ./repositories
二、下載gitolite權限管理並安裝
[root@git git]# su git sh-4.2$ git clone git://github.com/sitaramc/gitolite Cloning into ‘gitolite’… remote: Counting objects: 9509, done. remote: Compressing objects: 100% (12/12), done. remote: Total 9509 (delta 4), reused 5 (delta 2), pack-reused 9495 Receiving objects: 100% (9509/9509), 3.00 MiB | 23.00 KiB/s, done. Resolving deltas: 100% (5881/5881), done. sh-4.2$ mkdir -p $HOME/bin sh-4.2$ gitolite/install -to $HOME/bin #以上為切換到git用戶,下載gitolite權限管理,並安裝在/home/git/bin目錄。
三、客戶端上傳公鑰到git服務器
[root@gitclient01 ~]# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): [root@gitclient01 xjycf]# scp -P 958 /root/.ssh/id_rsa.pub root@10.8.8.34:/tmp/ The authenticity of host ‘[10.8.8.34]:958 ([10.8.8.34]:958)’ can’t be established. ECDSA key fingerprint is 5b:de:8f:57:c8:c8:39:ec:09:d1:d6:89:a6:04:7f:8b. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added ‘[10.8.8.34]:958’ (ECDSA) to the list of known hosts. root@10.8.8.34’s password: id_rsa.pub 100% 398 0.4KB/s 00:00
四、在git服務器把客戶端提升為gitolite權限管理員
sh-4.2$ su Password: [root@git git]# cd /tmp/ [root@git tmp]# ll total 40 -rw-r–r– 1 root root 398 Dec 8 15:11 id_rsa.pub [root@git tmp]# mv id_rsa.pub admin.pub [root@git tmp]# ll total 40 -rw-r–r– 1 root root 398 Dec 8 15:11 admin.pub [root@git tmp]# su git sh-4.2$ $HOME/bin/gitolite setup -pk admin.pub Initialized empty Git repository in /home/git/repositories/gitolite-admin.git/ Initialized empty Git repository in /home/git/repositories/testing.git/ WARNING: /home/git/.ssh missing; creating a new one (this is normal on a brand new install) WARNING: /home/git/.ssh/authorized_keys missing; creating a new one (this is normal on a brand new install) #以上命令為切到git服務器,把/tmp下的id_rsa.pub改為admin.pub。
然后切回到git用戶,並設置admin.pub為管理員。
且自動安裝了gitolite-admin.git和testing.git。
gitolite-admin為權限管理的,不可以刪除。
五、權限測試
[root@git git]# cd /home/git/repositories/ [root@git repositories]# ll total 0 drwx—— 8 git git 181 Dec 8 15:13 gitolite-admin.git drwx—— 7 git git 162 Dec 8 15:13 testing.git [root@git repositories]# git init –bare quanxian.git Initialized empty Git repository in /home/git/repositories/quanxian.git/ [root@git repositories]# chown -R git.git quanxian.git/ [root@git repositories]# chmod 700 quanxian.git/ #以上為進入倉庫目錄,創建一個名為quanxian.git的項目。客戶端測試拉取。
客戶管理端:
[root@gitclient01 ~] cd /data/wwwroot [root@gitclient01 wwwroot]# git clone ssh://git@10.8.8.34:958/gitolite-admin Cloning into ‘gitolite-admin’… remote: Counting objects: 6, done. remote: Compressing objects: 100% (4/4), done. remote: Total 6 (delta 0), reused 0 (delta 0) Receiving objects: 100% (6/6), done. #將git服務器端的gitolite-admin.git項目克隆下來。 [root@gitclient01 wwwroot]# cd gitolite-admin [root@gitclient01 gitolite-admin]# ll total 0 drwxr-xr-x 2 root root 27 Dec 8 15:15 conf drwxr-xr-x 2 root root 23 Dec 8 15:15 keydir #gitolite-admin有兩個目錄: conf/gitolite.confo為admin管理權限的。 keydir目錄為存放其他用戶的公鑰的。 [root@gitclient01 gitolite-admin]# cd conf/ [root@gitclient01 conf]# vi gitolite.conf repo gitolite-admin RW+ = admin repo testing RW+ = @all repo quanxian RW+ = admin [root@gitclient01 gitolite-admin]# git add conf/gitolite.conf [root@gitclient01 gitolite-admin]# git commit -m “add quanxian” [master 1d8fb2f] add quanxian 1 file changed, 3 insertions(+) [root@gitclient01 gitolite-admin]# git push Counting objects: 7, done. Compressing objects: 100% (3/3), done. Writing objects: 100% (4/4), 375 bytes | 0 bytes/s, done. Total 4 (delta 0), reused 0 (delta 0) To ssh://git@10.8.8.34:958/gitolite-admin 854c8a0..1d8fb2f master -> master [root@gitclient01 wwwroot]# git clone ssh://git@10.8.8.34:958/quanxian Cloning into ‘quanxian’… warning: You appear to have cloned an empty repository. #測試已經克隆了quanxian項目。
完成!