搭建git服务器（权限管理）

自己的服务器到期，转移自己博客内容至此。

之前写的 搭建git服务器 适合小团队。当团队人数较多时，可将git权限集中管理。

一、创建git用户，禁止git用户直接登陆

[root@git ~]# adduser --system --shell /bin/sh --create-home --home-dir /home/git git
[root@git ~]# cd /home/git
[root@git git]# mkdir repositories
[root@git git]# chown git:git -R ./repositories
[root@git git]# chmod 700 ./repositories

二、下载gitolite权限管理并安装

[root@git git]# su git
sh-4.2$ git clone git://github.com/sitaramc/gitolite
Cloning into ‘gitolite’…

remote: Counting objects: 9509, done.
remote: Compressing objects: 100% (12/12), done.
remote: Total 9509 (delta 4), reused 5 (delta 2), pack-reused 9495
Receiving objects: 100% (9509/9509), 3.00 MiB | 23.00 KiB/s, done.
Resolving deltas: 100% (5881/5881), done.
sh-4.2$ mkdir -p $HOME/bin
sh-4.2$ gitolite/install -to $HOME/bin
#以上为切换到git用户，下载gitolite权限管理，并安装在/home/git/bin目录。

三、客户端上传公钥到git服务器

[root@gitclient01 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
[root@gitclient01 xjycf]# scp -P 958 /root/.ssh/id_rsa.pub root@10.8.8.34:/tmp/
The authenticity of host ‘[10.8.8.34]:958 ([10.8.8.34]:958)’ can’t be established.
ECDSA key fingerprint is 5b:de:8f:57:c8:c8:39:ec:09:d1:d6:89:a6:04:7f:8b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘[10.8.8.34]:958’ (ECDSA) to the list of known hosts.
root@10.8.8.34’s password:
id_rsa.pub 100% 398 0.4KB/s 00:00

四、在git服务器把客户端提升为gitolite权限管理员

sh-4.2$ su
Password:
[root@git git]# cd /tmp/
[root@git tmp]# ll
total 40
-rw-r–r– 1 root root 398 Dec 8 15:11 id_rsa.pub
[root@git tmp]# mv id_rsa.pub admin.pub
[root@git tmp]# ll
total 40
-rw-r–r– 1 root root 398 Dec 8 15:11 admin.pub
[root@git tmp]# su git
sh-4.2$ $HOME/bin/gitolite setup -pk admin.pub
Initialized empty Git repository in /home/git/repositories/gitolite-admin.git/
Initialized empty Git repository in /home/git/repositories/testing.git/
WARNING: /home/git/.ssh missing; creating a new one
(this is normal on a brand new install)
WARNING: /home/git/.ssh/authorized_keys missing; creating a new one
(this is normal on a brand new install)
#以上命令为切到git服务器，把/tmp下的id_rsa.pub改为admin.pub。

然后切回到git用户，并设置admin.pub为管理员。

且自动安装了gitolite-admin.git和testing.git。

gitolite-admin为权限管理的，不可以删除。

五、权限测试

[root@git git]# cd /home/git/repositories/
[root@git repositories]# ll
total 0
drwx—— 8 git git 181 Dec 8 15:13 gitolite-admin.git
drwx—— 7 git git 162 Dec 8 15:13 testing.git
[root@git repositories]# git init –bare quanxian.git
Initialized empty Git repository in /home/git/repositories/quanxian.git/
[root@git repositories]# chown -R git.git quanxian.git/
[root@git repositories]# chmod 700 quanxian.git/
#以上为进入仓库目录，创建一个名为quanxian.git的项目。客户端测试拉取。

客户管理端：

[root@gitclient01 ~] cd /data/wwwroot
[root@gitclient01 wwwroot]# git clone ssh://git@10.8.8.34:958/gitolite-admin
Cloning into ‘gitolite-admin’…
remote: Counting objects: 6, done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 6 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (6/6), done.
#将git服务器端的gitolite-admin.git项目克隆下来。
[root@gitclient01 wwwroot]# cd gitolite-admin
[root@gitclient01 gitolite-admin]# ll
total 0
drwxr-xr-x 2 root root 27 Dec 8 15:15 conf
drwxr-xr-x 2 root root 23 Dec 8 15:15 keydir
#gitolite-admin有两个目录：
conf/gitolite.confo为admin管理权限的。
keydir目录为存放其他用户的公钥的。
[root@gitclient01 gitolite-admin]# cd conf/
[root@gitclient01 conf]# vi gitolite.conf
repo gitolite-admin
RW+ = admin
repo testing
RW+ = @all
repo quanxian
RW+ = admin
[root@gitclient01 gitolite-admin]# git add conf/gitolite.conf
[root@gitclient01 gitolite-admin]# git commit -m “add quanxian”
[master 1d8fb2f] add quanxian
1 file changed, 3 insertions(+)
[root@gitclient01 gitolite-admin]# git push
Counting objects: 7, done.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (4/4), 375 bytes | 0 bytes/s, done.
Total 4 (delta 0), reused 0 (delta 0)
To ssh://git@10.8.8.34:958/gitolite-admin
854c8a0..1d8fb2f master -> master
[root@gitclient01 wwwroot]# git clone ssh://git@10.8.8.34:958/quanxian
Cloning into ‘quanxian’…
warning: You appear to have cloned an empty repository.
#测试已经克隆了quanxian项目。

完成！