GNU Rush – a restricted user shell

6.6 git

Remote access to Git repositories over ssh causes execution of git-receive-pack and git-upload-pack on the server. The simplest rule for Git is:

rule git
  command ^git-(receive|upload)-pack
  transform[0] s|^|/usr/bin/|

The transform action is necessary to ensure that the Git binaries are run from the proper location. This example assumes they are installed in /usr/bin; tailor it if they are located elsewhere on your system.

To limit Git access to repositories under the /gitroot directory, use the match[1] construct, as shown in the example below:

rule git
  command ^git-(receive|upload)-pack
  match[1] ^/gitroot[^ ]+\.git$
  transform[0] s|^|/usr/bin/|
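
To check which paths this match[1] pattern admits before deploying it, the following added example (not part of the Rush manual) runs the pattern through grep -E, which uses the same POSIX extended syntax Rush uses by default, against constructed paths. It shows that the pattern also matches paths with ".." components and a sibling directory such as /gitroot-backup; STRICT_PATTERN, the function names and the sample paths are assumptions made here.

```shell
#!/bin/sh
# Added example: which repository paths would a match[1] pattern accept?

# Pattern copied from the rule on this page.
PAGE_PATTERN='^/gitroot[^ ]+\.git$'
# Stricter variant (assumption, not from the Rush manual): require a slash
# after /gitroot and reject any path component that begins with a dot.
STRICT_PATTERN='^/gitroot(/[A-Za-z0-9_][A-Za-z0-9._-]*)+\.git$'

# rule_accepts PATTERN PATH: exit status 0 if PATH matches PATTERN.
rule_accepts() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# verdict PATTERN PATH: print "accept" or "reject".
verdict() {
    if rule_accepts "$1" "$2"; then echo accept; else echo reject; fi
}

# Print a comparison table for constructed sample paths (not from the page).
report() {
    for path in \
        /gitroot/project.git \
        /gitroot/team/app.git \
        /gitroot/project \
        /srv/other.git \
        /gitroot-backup/project.git \
        /gitroot/../home/alice/private.git
    do
        printf '%-38s page=%-7s strict=%s\n' "$path" \
            "$(verdict "$PAGE_PATTERN" "$path")" \
            "$(verdict "$STRICT_PATTERN" "$path")"
    done
}

report
```

With STRICT_PATTERN in match[1], repository names are limited to the listed characters, so adjust the character classes if your repository names use others.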

To provide more helpful error messages, you may follow this rule by a trap rule (see trap rules):

# Trap the rest of Git requests:
rule git-trap
  command ^git-.+
  exit fatal: access to this repository is denied.
