Install and Configure Git on the Server
On the Ubuntu server I have for Istarel Workshop, the package manager is called Aptitude. Much like MacPorts, installing Git is a single Unix command.
ssh iwuser@www.istarelworkshop.com
sudo aptitude install git-core
Establish a Git Unix User
On the remote (production) server, I want to establish git as a Unix user responsible for the management of the Git repositories.
sudo adduser git
Adding user `git' ...
Adding new group `git' (1002) ...
Adding new user `git' (1001) with group `git' ...
Creating home directory `/home/git' ...
Copying files from `/etc/skel' ...
Enter new UNIX password: secret
Retype new UNIX password: secret
The idea here is to make it possible for multiple remote users to work with the repository on istarelworkshop.com. As such, I will create a .ssh directory for the git user and create an authorized keys file.
sudo su - git
mkdir .ssh
chmod 700 .ssh
touch /home/git/.ssh/authorized_keys
exit
Anyone who intends to contribute to the repository must append their public ssh key to authorized_keys (a task often handled by the server administrator, to whom the developers send their public ssh key). This makes it possible, for example, to push changes to the repository without having to log in to the remote server as the git user.
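# A ">>" redirection runs as the calling user, not under sudo, so append through "sudo tee -a"
cat ~/.ssh/authorized_keys | sudo tee -a /home/git/.ssh/authorized_keys > /dev/null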
At this point, git is a "normal" Unix user in every way, including having the default bash shell with which to execute commands. One key security principle is to allow users to perform only those activities necessary to their job. For the git user, that means I want to apply a special shell that only permits Git commands.
sudo chsh -s /usr/bin/git-shell git
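The key-append step and the least-privilege principle above can be combined in one small script. This is an added example, not part of the original walkthrough: the function name add_git_key and its two arguments are assumptions, the per-key options are standard sshd authorized_keys options, and the script must be run by a user allowed to write the target file.

```shell
#!/bin/sh
# Added example: add_git_key and its two arguments are hypothetical names.
# Validates one submitted public key, then appends it to authorized_keys
# with forwarding and terminal allocation switched off for that key.

# Standard sshd authorized_keys options, written in front of the key.
KEY_OPTS='no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty'

add_git_key() {
    pub=$1    # file a developer sent, e.g. id_ed25519.pub
    auth=$2   # target file, e.g. /home/git/.ssh/authorized_keys

    # Exactly one non-blank line, so one file authorizes exactly one key.
    if [ "$(grep -c '[^[:space:]]' "$pub")" != 1 ]; then
        echo "reject: expected exactly one key line" >&2; return 1
    fi
    line=$(grep '[^[:space:]]' "$pub")
    read -r type blob comment <<EOF
$line
EOF
    # The line must begin with a key type, so a submitted file cannot
    # carry its own options in front of the key.
    case $type in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "reject: line does not start with a key type" >&2; return 1 ;;
    esac
    # The key data must be plain base64.
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "reject: malformed key data" >&2; return 1 ;;
    esac
    # Do not add the same key twice.
    if [ -f "$auth" ] && grep -qF -- "$type $blob" "$auth"; then
        echo "skip: key already authorized" >&2; return 2
    fi
    # Create or extend the file without group/other access.
    ( umask 077
      printf '%s %s %s%s\n' "$KEY_OPTS" "$type" "$blob" "${comment:+ $comment}" >> "$auth" ) || return 1
    chmod 600 "$auth"
}

# Usage: sh add_git_key.sh developer.pub /home/git/.ssh/authorized_keys
if [ "$#" -eq 2 ]; then
    add_git_key "$1" "$2"
fi
```

The function returns 0 when the key was added, 1 when the submitted file was rejected, and 2 when the key was already present.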
Prepare the remote repository
The parent directory for the git repositories will be owned by me, but all the git directories will be owned by git. To deploy the application that runs istarelworkshop.com, I need two such repositories: iw for the application, and fw for the Istarel Workshop Application Framework with which the application is built. In each directory, I establish a bare repository.
sudo mkdir /var/git
sudo chown `whoami` /var/git
cd /var/git
mkdir iw && cd iw
git --bare init
sudo chown -R git:git .
cd /var/git
mkdir fw && cd fw
git --bare init
sudo chown -R git:git .