9.6 git

Remote access to Git repositories over ssh causes execution of git-receive-pack and git-upload-pack on the server. The simplest rule for Git is:

rule git
  match $command ~ "^git-(receive|upload)-pack"
  set [0] =~ "s|^|/usr/bin/|"

The set action is needed to ensure that the Git binaries are run from the proper location. This example assumes they are in /usr/bin; adjust it if they are located elsewhere on your system.

To limit Git access to repositories under the /gitroot directory, add a match on ‘$1’, as shown in the example below:

rule git
  match $command ~ "^git-(receive|upload)-pack"
  match $1 ~ "^/gitroot[^ ]+\.git$"
  set [0] =~ "s|^|/usr/bin/|"

To provide more helpful error messages, you may follow this rule by a trap rule (see trap rules):

# Trap the rest of Git requests:
rule git-trap
  match $command ~ "^git-.+"
  exit "fatal: access to this repository is denied."
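
The following check is an added example, not part of the rush manual: it uses grep -E (POSIX extended regular expressions, the flavour rush uses by default) to show which repository arguments the /gitroot pattern above accepts. STRICT_PATTERN and the sample paths are constructed assumptions, not values from the manual.

```shell
#!/bin/sh
# Audit which repository arguments a rush "match $1 ~" pattern accepts.

# Pattern taken from the /gitroot rule above.
PAGE_PATTERN='^/gitroot[^ ]+\.git$'

# Assumption (not from the rush manual): a tighter pattern that requires a
# slash right after /gitroot and forbids path components starting with a dot,
# so "." and ".." components and sibling directories cannot match.
STRICT_PATTERN='^/gitroot(/[A-Za-z0-9_][A-Za-z0-9_.-]*)+\.git$'

# accepts PATTERN ARG: exit status 0 if ARG matches PATTERN as a POSIX ERE.
accepts() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# verdict PATTERN ARG: print "allow" or "deny".
verdict() {
    if accepts "$1" "$2"; then echo allow; else echo deny; fi
}

# Run both patterns over constructed sample arguments.
audit() {
    for arg in \
        /gitroot/proj/app.git \
        /gitroot/../home/alice/private.git \
        /gitroot-old/app.git \
        /srv/other.git
    do
        printf '%-38s page=%-5s strict=%s\n' "$arg" \
            "$(verdict "$PAGE_PATTERN" "$arg")" \
            "$(verdict "$STRICT_PATTERN" "$arg")"
    done
}

audit
```

The page's pattern anchors only the string prefix, so arguments containing ".." components or naming a sibling directory such as /gitroot-old still pass the match; the stricter pattern rejects both.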