5

I have 2 users in question

git user - used for gitosis - so it's a no-password user and it can be accessed only through root...

user user - where my files reside

So what I would like to do is give the user git rights to navigate to a luddico folder like this:

```
git@domain.me:~/respositories# cd /home/user/websites/domain.com
```

and then perform any action inside the user user's files (any file/folder), so this way I can, for example:

```
git@domain.com:/home/user/websites/domain.com#  git pull
```

because currently the action mentioned above returns:

```
error: cannot open .git/FETCH_HEAD: Permission denied
```

So when I ask for actions like this, it requests git's password, which btw it doesn't have, or cancels it straight away.

So how could I configure the user git to have root/admin-like rights over the user user without needing to provide any password or sudo before the commands? Just as if it were root.

  • It would be even nicer if there is a way to just allow specific commands from git to user

Thanks in advance

zanona
  • For my single-user repos, I access `grawity@someserver.com:foo.git` in git directly. Simpler than gitosis. – user1686 Jan 29 '10 at 15:06

2 Answers

5

As requested, a bit of a tutorial on groups. Hopefully this isn't too elementary.

By default, most user accounts are also part of a group of the same name. To determine what groups an account is a member of, use the groups command.

```
# groups root
root : root bin daemon sys adm disk wheel
```

The first one listed is the primary group, and will be the default group owner of any files that user creates. That's listed in the output of ls as the second 'root' entry.

```
# touch testfile
# ls -l testfile
-rw-r--r--  1 root root 19 Jan 29 08:37 testfile
```

In order to add a user to a group, you use usermod as shown. The lowercase "-g" flag you gave it changes the primary group. It may be better to change just a secondary one, using the "-G" and "-a" flags. Namely, to put the git user into luddico's group:

```
# usermod -G luddico -a git
# groups git
git : git luddico
```

This should give git access to any files that are owned by the luddico group, and have appropriate group permissions. Group permissions are the second "rwx" set listed in ls. The testfile I showed above only allows read access by the root group. If you wanted to give all members of that group write access, you would have to use chmod for that.

```
# ls -l testfile
-rw-r--r--  1 root root 19 Jan 29 08:37 testfile
# chmod g+w testfile
# ls -l testfile
-rw-rw-r--  1 root root 19 Jan 29 08:37 testfile
```

Now anyone in the root group can read or write to testfile. Apply the same concept to Luddico's files.

Christopher Karel
3

If you want to grant a user (such as git in your examples) access to another user's space, put them in the same group and set group rights accordingly.

If you need more complex access control list functionality, you should look into POSIX ACLs as provided by getfacl(1) and setfacl(1).

dotplus
  • Thanks dotplus, I've added a new group with root access with groupadd web, then I've usermod -g web git and usermod -g web ludicco, but apparently it still doesn't have the proper rights. Very sorry, but I'm new to all of this, so if you could please post some example of how I should proceed, I'd appreciate that. Thanks a lot – zanona Jan 29 '10 at 13:51
  • If 'git' and 'ludicco' are both in the group 'web', then you can ensure that they both have read/write access to a file with chmod g+rw /path/to/file. In order to enter a directory, your id or a group that you are a member of should have execute rights on that directory. – dotplus Jan 29 '10 at 17:11
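
The two points made in the answers above (the group triplet decides access for group members, and every directory on the path needs the execute bit) can be checked mechanically. The shell functions below are an added example, not part of the original thread; the names `perms_for` and `group_blockers` are hypothetical, and the check assumes plain mode bits (no POSIX ACLs) and an account that is a non-owner member of the group.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: plain mode bits only (no
# POSIX ACLs), and the account being checked is a non-owner member of GROUP.

# perms_for GROUP PATH: print the rwx triplet that applies to such an account.
perms_for() {
    pf_line=$(ls -ld -- "$2") || return 2
    # ls -l fields: mode, link count, owner, group, ...
    pf_mode=$(printf '%s\n' "$pf_line" | awk '{print $1}')
    pf_grp=$(printf '%s\n' "$pf_line" | awk '{print $4}')
    if [ "$pf_grp" = "$1" ]; then
        printf '%s\n' "$pf_mode" | cut -c5-7    # group triplet applies
    else
        printf '%s\n' "$pf_mode" | cut -c8-10   # falls through to "other"
    fi
}

# group_blockers GROUP TARGET: print one line per obstacle, return 1 if any.
group_blockers() {
    gb_rc=0
    gb_dir=$(dirname -- "$2")
    # Every ancestor directory must grant execute (search) to be entered.
    # Lowercase s or t means setgid/sticky with the execute bit also set.
    while :; do
        gb_trip=$(perms_for "$1" "$gb_dir") || return 2
        case $gb_trip in
            ??[xst]) ;;
            *) echo "no-search $gb_dir ($gb_trip)"; gb_rc=1 ;;
        esac
        case $gb_dir in /|.) break ;; esac
        gb_dir=$(dirname -- "$gb_dir")
    done
    # The target needs read+write; a directory also needs search.
    gb_need='rw?'
    if [ -d "$2" ]; then gb_need='rw[xst]'; fi
    gb_trip=$(perms_for "$1" "$2") || return 2
    case $gb_trip in
        $gb_need) ;;
        *) echo "no-write $2 ($gb_trip)"; gb_rc=1 ;;
    esac
    return $gb_rc
}
```

For the case in the question, `group_blockers luddico /home/user/websites/domain.com/.git` lists each directory a luddico group member cannot enter and whether `.git` itself is group-writable, which shows exactly where `chmod g+x` or `chmod g+rw` is still needed instead of widening permissions everywhere.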