git-shell(1)
============

NAME
----
git-shell - Restricted login shell for Git-only SSH access


SYNOPSIS
--------
[verse]
'chsh' -s $(command -v git-shell) <user>
'git clone' <user>`@localhost:/path/to/repo.git`
'ssh' <user>`@localhost`

DESCRIPTION
-----------

This is a login shell for SSH accounts to provide restricted Git access.
It permits execution only of server-side Git commands implementing the
pull/push functionality, plus custom commands present in a subdirectory
named `git-shell-commands` in the user's home directory.

COMMANDS
--------

'git shell' accepts the following commands after the `-c` option:

'git receive-pack <argument>'::
'git upload-pack <argument>'::
'git upload-archive <argument>'::
	Call the corresponding server-side command to support
	the client's 'git push', 'git fetch', or 'git archive --remote'
	request.
'cvs server'::
	Imitate a CVS server.  See linkgit:git-cvsserver[1].

If a `~/git-shell-commands` directory is present, 'git shell' will
also handle other, custom commands by running
"`git-shell-commands/<command> <arguments>`" from the user's home
directory.

INTERACTIVE USE
---------------

By default, the commands above can be executed only with the `-c`
option; the shell is not interactive.

If a `~/git-shell-commands` directory is present, 'git shell'
can also be run interactively (with no arguments).  If a `help`
command is present in the `git-shell-commands` directory, it is
run to provide the user with an overview of allowed actions.  Then a
"git> " prompt is presented at which one can enter any of the
commands from the `git-shell-commands` directory, or `exit` to close
the connection.

Generally this mode is used as an administrative interface to allow
users to list repositories they have access to, create, delete, or
rename repositories, or change repository descriptions and
permissions.
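
A custom command of this kind receives its arguments from the remote user, so it has to validate them before touching the filesystem. The following is an added example, not part of Git or its contrib scripts: a hypothetical `git-shell-commands/set-description` whose name, the `$HOME/repos/<repo>.git` layout and the function names are all assumptions.

```shell
#!/bin/sh
# Added example: hypothetical ~/git-shell-commands/set-description <repo> <text>
# Assumption (not from the man page): bare repos live at $HOME/repos/<repo>.git
LC_ALL=C; export LC_ALL   # make the A-Z/a-z ranges below ASCII-only

# valid_repo_name NAME: accept a single path component made of letters,
# digits, '.', '_' and '-', not empty and not starting with '.' or '-'.
valid_repo_name() {
	case $1 in
	''|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
	esac
	return 0
}

# set_description BASE NAME TEXT: write TEXT to BASE/NAME.git/description.
# Returns 2 for a rejected argument, 3 for a missing or symlinked target.
set_description() {
	base=$1 name=$2 text=$3
	nl='
'
	valid_repo_name "$name" || return 2
	case $text in
	''|*"$nl"*) return 2 ;;   # empty or multi-line description
	esac
	repo=$base/$name.git
	# Refuse symlinks so the write cannot land outside BASE.
	[ -d "$repo" ] && [ ! -L "$repo" ] || return 3
	[ ! -L "$repo/description" ] || return 3
	printf '%s\n' "$text" >"$repo/description"
}

main() {
	if [ $# -ne 2 ]; then
		echo >&2 "usage: set-description <repo> <text>"
		exit 1
	fi
	set_description "$HOME/repos" "$1" "$2" || {
		echo >&2 "set-description: rejected (status $?)"
		exit 1
	}
}

# Run main only when installed under the command's own name.
if [ "${0##*/}" = set-description ]; then main "$@"; fi
```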

If a `no-interactive-login` command exists, then it is run and the
interactive shell is aborted.

EXAMPLE
-------

To disable interactive logins, displaying a greeting instead:

----------------
$ chsh -s /usr/bin/git-shell
$ mkdir $HOME/git-shell-commands
$ cat >$HOME/git-shell-commands/no-interactive-login <<\EOF
#!/bin/sh
printf '%s\n' "Hi $USER! You've successfully authenticated, but I do not"
printf '%s\n' "provide interactive shell access."
exit 128
EOF
$ chmod +x $HOME/git-shell-commands/no-interactive-login
----------------

To enable git-cvsserver access (which should generally have the
`no-interactive-login` example above as a prerequisite, as creating
the git-shell-commands directory allows interactive logins):

----------------
$ cat >$HOME/git-shell-commands/cvs <<\EOF
#!/bin/sh
# Reject anything other than exactly one argument, "server".
if test $# != 1 || test "$1" != "server"
then
	echo >&2 "git-cvsserver only handles \"server\""
	exit 1
fi
exec git cvsserver server
EOF
$ chmod +x $HOME/git-shell-commands/cvs
----------------

SEE ALSO
--------
ssh(1),
linkgit:git-daemon[1],
contrib/git-shell-commands/README

GIT
---
Part of the linkgit:git[1] suite