git-shell-commands, contains a collection of scripts for Git Shell accounts. The following covers how to install this branch within a git-shell restricted account.
Bash Variables
_git_user='git-user'
_git_group='devs'
_git_home_base='/srv'
_ssh_pub_key_path='/home/admin/client-keys/git-user/id_rsa.pub'
_git_https_url='https://github.com/git-utilities/git-shell-commands.git'Add Git shell
tee -a /etc/shells 1>/dev/null <<<"$(which git-shell)"Add Git user
adduser\
--system\
--disabled-password\
--gecos ''\
--shell "$(which git-shell)"\
--home "${_git_home_base,,}/${_git_user,,}"\
--ingroup "${_git_group}"\
"${_git_user}"Clone to Git user's home directory
sudo su --login "${_git_user}" --shell /bin/bash <<EOF
git clone --recurse-submodules "${_git_https_url}"
EOFAdd SSH public key
sudo su --login "${_git_user}" --shell /bin/bash <<EOF
mkdir .ssh
tee -a .ssh/authorized_keys 1>/dev/null <<<"$(<"${_ssh_pub_key_path}")"
chmod 600 .ssh/authorized_keys
EOFSet executable permissions
sudo su --login "${_git_user}" --shell /bin/bash <<'EOF'
while IFS= read -r -d '' _path; do
_file_type="$(file --brief --mime-type "${_path}")"
if [[ "${_file_type}" == 'text/x-shellscript' ]]; then
chmod --verbose u+x "${_path}"
fi
done < <(find 'git-shell-commands/' -type f -not -path '*.*' -print0)
EOFTo disable push and pull remove the Git tracking files and directories
sudo su --login "${_git_user}" --shell /bin/bash <<'EOF'
find "./git-shell-commands" -type d -name '.git' -exec bash -c 'rm -r "$0"' {}
find "./git-shell-commands" -type f -name '.git' -exec bash -c 'rm "$0"' {}
find "./git-shell-commands" -type f -name '.gitmodules' -exec bash -c 'rm "$0"' {}
EOFTo disable interactive logins
sudo su --login "${_git_user}" --shell /bin/bash <<EOC
tee 'git-shell-commands/no-interactive-login' 1>/dev/null <<'EOF'
#!/usr/bin/env bash
printf 'Hi %s, you have successfully authenticated!\n' "${USER}"
printf 'However, there is not an interactive shell here.\n'
exit 128
EOF
chmod u+x 'git-shell-commands/no-interactive-login'
EOCTo list scripts available to Git user
ssh "${_git_user}"@localhost -i "${_ssh_pub_key_path}" list --helpExample client ~/.ssh/config SSH configurations such as the following may be useful in making SSH/Git commands more terse
Host git-user
IdentitiesOnly yes
IdentityFile ~/.ssh/id_rsa
HostName 192.168.0.2
User git-user
Each script should have documentation on arguments and usage accessible via --help or -h options
ssh git-user git-init --helpPull Requests are welcomed! Check the Community section for development tips and code of conduct relevant updates.
Git Shell Commands submodule quick start documentation
Copyright (C) 2019 S0AndS0
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation; version 3 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
