Setting up your own git server with individual user accounts

This is sort of covered in other spots, but not as clearly and from scratch. Here’s a complete guide that shows how to set up your own git server and git clients. I found this setup handy when trying out some more complex git merging commands and experimenting with remotes while learning git.

I tested this on Ubuntu 16.04 by creating an Ubuntu virtual machine and then cloning it: one VM for the server and two for clients. I used bridged networking so each would get its own IP address, but that’s not required as long as the VMs can communicate with each other over TCP/IP.

There are two ways to set the git accounts up. The first way shown has all client users accessing the repository through the same server user account. While each user’s submissions will be labeled correctly in the git log, having everyone use the same system account isn’t a safe computing practice for groups. Instead, if you follow the instructions in the optional part, you can use individual user accounts and keep things safer.

Client/Server Setup

First, on the server:

  1. Make sure ssh is installed on the server:
    server$ sudo apt-get install openssh-server
  2. Make sure sshd is running/listed when you do a ps. If not, reboot or restart it.
    server$ ps -A | grep sshd
  3. Make sure git is installed:
    server$ sudo apt-get install git-core
  4. Add a user to the server that will hold the git repositories
    server$ sudo adduser git
    server$ sudo passwd git
    server$ su - git
    server$ mkdir -p .ssh

Next, on your client:

  1. Make sure git is installed
    client$ sudo apt-get install git-core
  2. Create an ssh key. While not strictly required, it’s a good idea to add a passphrase to the key when prompted during key creation.
    client$ ssh-keygen -t rsa

    This should create a file called id_rsa.pub in your ~/.ssh directory. See documentation on ssh-keygen for full details.

  3. Copy the ssh key to the server’s git directory:
    client$ scp ~/.ssh/id_rsa.pub git@server.com:/home/git/client_id_rsa.pub

Back on server:

  1. Make sure the /home/git/.ssh directory, which holds the list of authorized ssh keys, exists
    server$ mkdir -p ~/.ssh
  2. Append the client user key to the list of authorized keys
    server$ cat ~/client_id_rsa.pub >> ~/.ssh/authorized_keys
  3. Create a new group called ‘gituser’ we’ll use for users to access our repository in /home/git/
    server$ sudo groupadd gituser
    server$ sudo usermod -a -G gituser git
  4. Log out completely and back in. You MUST do this for the group assignment to take effect, or subsequent chgrp/chmod commands won’t work.
  5. Make the git repository and tell it to share based on the group the user belongs to.
    server$ cd ~git
    server$ mkdir -p mydepot
    server$ cd mydepot
    server$ git init --bare --shared=group
    Initialized empty Git repository in /home/git/mydepot/
  6. Set the permissions on the repository directory so that anyone in the new ‘gituser’ group can access it.
    server$ chgrp -R gituser /home/git/mydepot
    server$ chmod -R g+rw /home/git/mydepot
    server$ find /home/git/mydepot -type d -exec chmod g+s {} +
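
A way to confirm that steps 5 and 6 took effect, written as an added example that is not part of the original guide. The function name audit_shared_repo is a hypothetical helper; it uses only grep and find, and goes slightly beyond the steps above by also flagging world-writable paths.

```shell
#!/bin/sh
# Added example: audit a shared bare repository after steps 5 and 6.
# Usage: audit_shared_repo /home/git/mydepot gituser
# Prints one finding per problem; returns 0 when clean, 1 otherwise.
audit_shared_repo() {
    repo=$1; grp=$2; rc=0

    # `git init --shared=group` stores core.sharedRepository in the repo's
    # config file (written as 1; "group" and "true" are synonyms).
    # Simplification: this greps the key without tracking the [core] section.
    if ! grep -Eiq '^[[:space:]]*sharedrepository[[:space:]]*=[[:space:]]*(1|group|true)[[:space:]]*$' "$repo/config" 2>/dev/null; then
        echo "config: core.sharedRepository is not group"; rc=1
    fi

    # chgrp -R: every path must belong to the shared group.
    bad=$(find "$repo" ! -group "$grp")
    [ -z "$bad" ] || { echo "wrong group (expected $grp):"; echo "$bad"; rc=1; }

    # Directories need group rwx so members can create objects and refs.
    # Files only need group read: git writes object files read-only.
    bad=$(find "$repo" -type d ! -perm -070)
    [ -z "$bad" ] || { echo "directory not group-accessible:"; echo "$bad"; rc=1; }
    bad=$(find "$repo" -type f ! -perm -040)
    [ -z "$bad" ] || { echo "file not group-readable:"; echo "$bad"; rc=1; }

    # chmod g+s: without setgid, new subdirectories take the pusher's
    # primary group and lock the other members out.
    bad=$(find "$repo" -type d ! -perm -2000)
    [ -z "$bad" ] || { echo "directory missing setgid:"; echo "$bad"; rc=1; }

    # Group sharing should not widen into world-writable paths.
    bad=$(find "$repo" ! -type l -perm -002)
    [ -z "$bad" ] || { echo "world-writable:"; echo "$bad"; rc=1; }

    return $rc
}
```

Run it on the server after adding each new user to the group; a non-zero exit status means at least one path would block or over-expose a group member.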

Back on client (if it is a clean client without files for the repo):

  1. Test your ssh connection by trying to ssh into the server (using the git user)
  2. Create the local project:
    client$ mkdir -p depot/project1
    client$ cd depot/project1
    client$ git config --global user.email "you@client.com"
    client$ git config --global user.name "clientUsername"
  3. Clone the remote to your local system
    client$ git clone ssh://git@serverurl_or_ip:/home/git/mydepot/ .

Enter your username’s password and you’re done. The clone and the remote should be connected. Push/Fetch as normal. See the optional part below if you don’t want to use a global git user account on the server.

Or – Back on client that HAS existing files you want to get to the server:

Let’s say you have a client that already has a bunch of files or even a git repository and you want to start using a remote repository. Here’s how you can add those local files into the remote server repository you just created.

  1. Initialize the repository where your client files are
    client$ git init
      Initialized empty Git repository in <blah>
    client$ git add .
    client$ git commit
      <Write something about this being a commit from the client>
  2. If you are going to use the git user account for all users, connect the project to your server this way:
    client$ git remote add origin ssh://git@serverurl_or_ip:/home/git/mydepot/

    If you don’t want to use the git account, then you must first create a user account on the server that matches the client userid (making sure to set the group/user properties on the server account), then use this:

    client$ git remote add origin ssh://serverurl_or_ip:/home/git/mydepot/

    Enter the password for your username or the ‘git’ server user depending on which one you used.

  3. Set up git configuration to avoid warnings and push:
    client$ git config --global push.default simple
    client$ git push --set-upstream origin master

    During the push step above you will be prompted for the passphrase you set when you created your RSA key. Enter that passphrase (not your git/user account password).

Optional – Using user accounts instead of a global ‘git’ account on the server.

The previous instructions had everyone use the same ‘git’ server user account when checking in, which means everyone must have the ‘git’ server account password. The log will show the right names, but security-wise it isn’t always best to use one global account on servers.

If you have more than one user but want everyone to log in separately, simply create a user account on the server like this:

On client for each client user:

  1. Create an ssh key on your client as before.
  2. Copy that key’s .pub file to the server and append it to the authorized_keys file as above.
    client$ scp .ssh/myclient_id_rsa.pub git@serverurl_or_ip:/home/git

On server:

  1. Append the client’s public key to the authorized keys
    server$ cat ~/myclient_id_rsa.pub >> ~/.ssh/authorized_keys
  2. Create a user account that matches the userid on the client
    server$ sudo useradd client_username
    server$ sudo passwd client_username
  3. Make sure the new user account has access to the /home/git/ project directories by setting their group membership:
    server$ sudo usermod -a -G gituser client_username

From now on, you don’t need to specify the git user account. Do not put the git@ part into the git clone url and use the username’s password when asked to log in:

client$ git clone ssh://serverurl_or_ip:/home/git/mydepot .

This method works great, but does require that you keep the client and server userid account passwords synced.

Setting up a Windows client:

Once the server is set up, you’re almost there. Microsoft has written a good guide. You’ll need OpenSSH or Windows 10 installed to generate an ssh key (if you don’t have one already).
https://docs.microsoft.com/en-us/vsts/git/use-ssh-keys-to-authenticate?view=vsts

3 thoughts on “Setting up your own git server with individual user accounts”

  1. Your page is helping me think through some problems I have setting this up.

    It would be more standard to create the git bare repo with .git on name, as in

    git init --bare --shared=group myrepo.git

    That creates folder “myrepo.git”.

    Then on client, if you don’t want “.git” on the name, do the clone and assign a name.

    git clone usernamerepo/myrepo.git myrepo

    I think the permission changes you recommend after creating the repo are interesting, but not necessary if you create the repository in a directory where permissions are already git.gituser
