3

I have a standard gitosis setup that I would like to backup using rsync. When I try:

```
rsync -avz git@192.168.0.2:/home/git git_origin/
```

or

```
rsync -avz --rsync-path 'sudo rsync' 192.168.0.2:/home/git git_origin/
```

It copies no repository files. Pretty sure it has to do with how the 'git' user has no password and complete ownership of all files in its /home/git/repositories directory structure. Since you can't 'ssh git' or 'su git' I can't achieve the correct permission level.

So, how do I use rsync to backup all my gitosis repositories?

Karl
  • 1
    No one? Seems like this should be a fairly common function for those running their own gitosis server. – Karl Sep 21 '10 at 20:23

3 Answers

1

Easiest way IMO would be to add a custom key into your `authorized_keys` file for the git user.

Add in an entry above the line that says `### autogenerated by gitosis, DO NOT EDIT` as the root user under `/home/git/.ssh/authorized_keys` (on most Linux systems) and you should be good to go. Gitosis by default ignores custom entries to the `authorized_keys` file when regenerating it.

If you want to lock the server down more, you can always add a custom `command=` directive before the key entry. Googling "rsync ssh lock down" gives you http://sixohthree.com/1458/locking-down-rsync-using-ssh as the first hit, which should get you started.

The only other way of grabbing the files over rsync without jumping through some random user switching hoops (as in user->root->git switches) would be to use ssh to connect as the root user and grab the files with it.

Both running as the root user and ssh'ing as the git user by providing a custom authorized_keys entry should give you the permissions you need to access the files you want to rsync.

photoionized
  • I believe the entire authorized_keys file is auto-generated so this will not work. – Arrowmaster Apr 21 '11 at 19:31
  • Notice my comment about the fact that gitosis ignores custom `authorized_keys` entries when rewriting the `authorized_keys` file. Any entry added in manually will be retained, no matter what is in the keydir. I've rewritten gitosis before so that it works with other repositories that have SSH protocols, I guarantee this is how it works and that the above will succeed. – photoionized Apr 21 '11 at 19:57
  • If you want to look into the code that defines this behavior look at `filterAuthorizedKeys` inside `ssh.py` in the gitosis source. – photoionized Apr 21 '11 at 20:00
  • While this may have worked for gitosis, it seems to break gitolite. It's a shame too, this would have been a really simple way to set up the rsync. – quickshiftin Mar 25 '15 at 15:36
  • OK... so it ***does*** work. Just make sure it's not one of the same keys used by your gitolite accounts!! – quickshiftin Mar 25 '15 at 16:04
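
The `command=` lock-down suggested in the answer above, as an added example (not code from the answer or from the linked article): a forced-command wrapper that lets the backup key run only a read-only rsync pull under `/home/git`. The script path, the key placeholder and the rsync location are assumptions.

```shell
#!/bin/sh
# Added example: forced command for a backup-only key of the gitosis "git" user.
# Script path and public key are hypothetical placeholders. authorized_keys
# entry, placed above the "### autogenerated by gitosis, DO NOT EDIT" line:
#   command="/home/git/bin/rsync-backup-only",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <PUBLIC-KEY-PLACEHOLDER> backup@backuphost
LC_ALL=C; export LC_ALL
ALLOWED_ROOT=/home/git          # tree the backup key may read (path from the question)
RSYNC_BIN=/usr/bin/rsync        # assumed location of rsync on the server

# Return 0 only for "rsync --server --sender -<short flags> . <path under root>",
# the request a pull such as `rsync -avz git@host:/home/git dest/` sends.
rsync_backup_allowed() {
    case $1 in
        ''|*[!A-Za-z0-9' './_,=-]*) return 1 ;;   # whitelist: no shell metachars or globs
    esac
    set -- $1                                     # safe to split after the whitelist
    [ "$#" -eq 6 ] || return 1
    [ "$1 $2 $3" = "rsync --server --sender" ] || return 1
    case $4 in
        --*|-) return 1 ;;                        # no long options, e.g. --remove-source-files
        -*) ;;                                    # one bundle of short flags
        *) return 1 ;;
    esac
    [ "$5" = "." ] || return 1
    case $6 in
        *..*) return 1 ;;                         # no parent-directory escapes
        "$ALLOWED_ROOT"|"$ALLOWED_ROOT"/*) return 0 ;;
    esac
    return 1
}

# sshd places the command the client asked for in SSH_ORIGINAL_COMMAND.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if rsync_backup_allowed "$SSH_ORIGINAL_COMMAND"; then
        set -- $SSH_ORIGINAL_COMMAND
        shift                                     # drop "rsync", run the fixed binary
        exec "$RSYNC_BIN" "$@"
    fi
    echo "rsync-backup-only: rejected: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

The rsync distribution includes an `rrsync` script that implements the same idea with fuller option checking.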
0

I was using this script for a start for my customized scripts, and it is using

```
--rsync-path='sudo /usr/bin/rsync'
```

Maybe that could help?

chris polzer
  • Although you have access to the repositories, you have extra work to do in order to maintain some kind of backup user and to loop over the repositories cloning, updating etc. rsync is way more direct an approach in my opinion. – quickshiftin Mar 25 '15 at 15:37
  • well yes, after some time I am still using rsync for server backup, so yes, the pulling/pushing idea was not the best one, that's why I edited the upper post and removed that part with backing up via git. Although I must say I was having quite some fun with git-mirrors... – chris polzer Mar 26 '15 at 08:03
0

gitolite lists rsync as one of the supported external commands that it can provide authorization for.

I have not done this but I believe you can set this up with a specific ssh key allowed to use rsync on every repository. The first step is setting `$RSYNC_BASE` in the `gitolite.rc` file. The `example.conf` shows how to specify permissions for rsync.

And in case you are wondering why I answered about gitolite instead of gitosis, gitosis is unmaintained, deprecated, and dead, stop using it and switch to gitolite.

Arrowmaster