
I am setting up a Mac OSX 1.6 server to host Git repositories. As such we need to push commits to the server through SSH.

The server has only an admin account and uses a user list from a LDAP server.

Now, since it is accessing the server through a non-interactive shell, git operations are not able to complete since git executables are not in the default path.

As the users are network users, they do not have a local home folder. So I cannot use a ~/.bashrc and the like solution.

I browsed over several articles here and there but could not get it working in a nice and clean setup.

Here is the information on the methods I gathered so far:

  • I could update the default PATH environment to include the git executables folder. However, I could not manage to do it successfully. Updating /etc/paths didn't change anything and since it's not an interactive shell, /etc/profile and /etc/bashrc are ignored.

  • From the ssh manpage, I read that a BASH_ENV variable can be set to get an optional script to be executed. However, I cannot figure out how to set it system-wide on the server. If it needs to be set up on the client machine, this is not an acceptable solution. If someone has some info on how it is supposed to be done, please, by all means!

  • I can fix this problem by creating a .bashrc with PATH correction in the system root (since all network users would start here as they do not have home). But it just feels wrong. Additionally, if we do create a home folder for a user, then the git command would fail again.

  • I can install a third party application to set up hooks on the login and then run a script creating a home directory with the necessary path corrections. This smells like a backyard tinkering and duct tape solution.

  • I can install a small script on the server and ForceCommand the sshd to this script on login. This script will then look for a command to execute ($SSH_ORIGINAL_COMMAND) and trigger a login shell to run this command, or just trigger a regular login shell for an interactive session. The full details of this method can be found here: http://marc.info/?l=git&m=121378876831164

The last one is the best method I found so far.

Any suggestions on how to deal with this properly?
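
The ForceCommand wrapper described in the last bullet above, as an added example (not code from the original post or from the linked message). The install path, the `--session` argument and the git directory `/usr/local/git/bin` are assumptions, and it sets PATH explicitly instead of relying on login-shell profile files to do so.

```shell
#!/bin/sh
# Added example: ForceCommand wrapper that puts the git executables on PATH.
# Assumed sshd_config line (path and argument are hypothetical):
#   ForceCommand /usr/local/sbin/ssh-path-wrapper --session

# Assumed location of the git executables; override via the environment.
GIT_BIN_DIR="${GIT_BIN_DIR:-/usr/local/git/bin}"

# Print the PATH string in $1 with GIT_BIN_DIR prepended, unless it is
# already one of its entries (avoids growing PATH on nested sessions).
path_with_git() {
    case ":$1:" in
        *":$GIT_BIN_DIR:"*) printf '%s\n' "$1" ;;
        *) printf '%s\n' "$GIT_BIN_DIR${1:+:$1}" ;;
    esac
}

# "command" when the client asked for a command (git push/fetch do),
# "interactive" when it asked for a plain shell.
session_kind() {
    if [ -n "$1" ]; then echo command; else echo interactive; fi
}

run_session() {
    PATH=$(path_with_git "$PATH")
    export PATH
    shell="${SHELL:-/bin/sh}"
    case "$(session_kind "${SSH_ORIGINAL_COMMAND:-}")" in
        # sshd would have passed this same string to the user's shell had
        # ForceCommand not been set, so this grants nothing extra.
        command)     exec "$shell" -c "$SSH_ORIGINAL_COMMAND" ;;
        interactive) exec "$shell" -l ;;
    esac
}

# Only take over the session when invoked the way sshd_config invokes it.
if [ "${1:-}" = "--session" ]; then
    run_session
fi
```

Because ForceCommand routes every SSH session through this file, it should be owned by root and not writable by any of the network users.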

2 Answers


Have you looked at Gitosis or Gitolite? Both allow you to more easily manage users and SSH keys for pushing commits, as well as creating repositories.

I've been using Gitolite for a while and would probably recommend it over Gitosis, as it's a little easier to install and offers per-branch permission control. You can even split the config into multiple files and delegate it out.

(Sorry, I'm new and could only post one link.)

  • I didn't know Gitolite. Thanks for the link. However, I have been asked to provide a solution without relying on third party tools/scripts (like gitosis or other similar tools). The repository will only be accessed by the dev team and all of them should be able to commit to any project, so I don't need in-depth control of permissions. Basically, I need to stick with the standard system tools and git. – The Mighty Rubber Duck May 07 '10 at 02:22

Add pam_env.so to the PAM stack for sshd, and configure it to add the appropriate directory to $PATH. If OS X doesn't have a separate stack for sshd then it should be safe to put it in the main auth stack.

Ignacio Vazquez-Abrams