自己的服务器到期,转移自己博客内容至此。
之前写的 搭建git服务器 适合小团队。当团队人数较多时,可将git权限集中管理。
一、创建git用户,禁止git用户直接登陆
[root@git ~]# adduser --system --shell /bin/sh --create-home --home-dir /home/git git [root@git ~]# cd /home/git [root@git git]# mkdir repositories [root@git git]# chown git:git -R ./repositories [root@git git]# chmod 700 ./repositories
二、下载gitolite权限管理并安装
[root@git git]# su git sh-4.2$ git clone git://github.com/sitaramc/gitolite Cloning into ‘gitolite’… remote: Counting objects: 9509, done. remote: Compressing objects: 100% (12/12), done. remote: Total 9509 (delta 4), reused 5 (delta 2), pack-reused 9495 Receiving objects: 100% (9509/9509), 3.00 MiB | 23.00 KiB/s, done. Resolving deltas: 100% (5881/5881), done. sh-4.2$ mkdir -p $HOME/bin sh-4.2$ gitolite/install -to $HOME/bin #以上为切换到git用户,下载gitolite权限管理,并安装在/home/git/bin目录。
三、客户端上传公钥到git服务器
[root@gitclient01 ~]# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): [root@gitclient01 xjycf]# scp -P 958 /root/.ssh/id_rsa.pub root@10.8.8.34:/tmp/ The authenticity of host ‘[10.8.8.34]:958 ([10.8.8.34]:958)’ can’t be established. ECDSA key fingerprint is 5b:de:8f:57:c8:c8:39:ec:09:d1:d6:89:a6:04:7f:8b. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added ‘[10.8.8.34]:958’ (ECDSA) to the list of known hosts. root@10.8.8.34’s password: id_rsa.pub 100% 398 0.4KB/s 00:00
四、在git服务器把客户端提升为gitolite权限管理员
sh-4.2$ su Password: [root@git git]# cd /tmp/ [root@git tmp]# ll total 40 -rw-r–r– 1 root root 398 Dec 8 15:11 id_rsa.pub [root@git tmp]# mv id_rsa.pub admin.pub [root@git tmp]# ll total 40 -rw-r–r– 1 root root 398 Dec 8 15:11 admin.pub [root@git tmp]# su git sh-4.2$ $HOME/bin/gitolite setup -pk admin.pub Initialized empty Git repository in /home/git/repositories/gitolite-admin.git/ Initialized empty Git repository in /home/git/repositories/testing.git/ WARNING: /home/git/.ssh missing; creating a new one (this is normal on a brand new install) WARNING: /home/git/.ssh/authorized_keys missing; creating a new one (this is normal on a brand new install) #以上命令为切到git服务器,把/tmp下的id_rsa.pub改为admin.pub。
然后切回到git用户,并设置admin.pub为管理员。
且自动安装了gitolite-admin.git和testing.git。
gitolite-admin为权限管理的,不可以删除。
五、权限测试
[root@git git]# cd /home/git/repositories/ [root@git repositories]# ll total 0 drwx—— 8 git git 181 Dec 8 15:13 gitolite-admin.git drwx—— 7 git git 162 Dec 8 15:13 testing.git [root@git repositories]# git init –bare quanxian.git Initialized empty Git repository in /home/git/repositories/quanxian.git/ [root@git repositories]# chown -R git.git quanxian.git/ [root@git repositories]# chmod 700 quanxian.git/ #以上为进入仓库目录,创建一个名为quanxian.git的项目。客户端测试拉取。
客户管理端:
[root@gitclient01 ~] cd /data/wwwroot [root@gitclient01 wwwroot]# git clone ssh://git@10.8.8.34:958/gitolite-admin Cloning into ‘gitolite-admin’… remote: Counting objects: 6, done. remote: Compressing objects: 100% (4/4), done. remote: Total 6 (delta 0), reused 0 (delta 0) Receiving objects: 100% (6/6), done. #将git服务器端的gitolite-admin.git项目克隆下来。 [root@gitclient01 wwwroot]# cd gitolite-admin [root@gitclient01 gitolite-admin]# ll total 0 drwxr-xr-x 2 root root 27 Dec 8 15:15 conf drwxr-xr-x 2 root root 23 Dec 8 15:15 keydir #gitolite-admin有两个目录: conf/gitolite.confo为admin管理权限的。 keydir目录为存放其他用户的公钥的。 [root@gitclient01 gitolite-admin]# cd conf/ [root@gitclient01 conf]# vi gitolite.conf repo gitolite-admin RW+ = admin repo testing RW+ = @all repo quanxian RW+ = admin [root@gitclient01 gitolite-admin]# git add conf/gitolite.conf [root@gitclient01 gitolite-admin]# git commit -m “add quanxian” [master 1d8fb2f] add quanxian 1 file changed, 3 insertions(+) [root@gitclient01 gitolite-admin]# git push Counting objects: 7, done. Compressing objects: 100% (3/3), done. Writing objects: 100% (4/4), 375 bytes | 0 bytes/s, done. Total 4 (delta 0), reused 0 (delta 0) To ssh://git@10.8.8.34:958/gitolite-admin 854c8a0..1d8fb2f master -> master [root@gitclient01 wwwroot]# git clone ssh://git@10.8.8.34:958/quanxian Cloning into ‘quanxian’… warning: You appear to have cloned an empty repository. #测试已经克隆了quanxian项目。
完成!