F=index Hosting git repositories

Gitolite allows you to setup git hosting on a central server, with fine-grained access control and many (many!) more powerful features.

#qi quick install

If you're comfortable with Unix and ssh, and you have a relatively sane setup, the following steps should work:

You're done. If it didn't work, well that's what the [install][] doc is for, especially the [if you run into trouble][insttrouble] section.

WARNING: do NOT add repos or users directly on the server! You MUST manage the server by cloning the special 'gitolite-admin' repo on your workstation (git clone git@server:gitolite-admin), making changes, and pushing them. Here's how to [add users and repos][add].

#rtfm what to read...

Gitolite comes with a lot of documentation. The master TOC (see link above) is the only comprehensive list of what is there, but here's an overview.

Finally, [tips][] has a lot of useful information.

#gl_what what is gitolite?

Gitolite is an access control layer on top of git. Here's an "executive summary":

F=need_ why is gitolite needed?

Gitolite is separate from git, and needs to be installed and configured. So... why do we bother?

Gitolite is useful in any server that is going to host multiple git repositories, each with many developers, where some sort of access control is required.

In theory, this can be done with plain old Unix permissions: each user is a member of one or more groups, each group "owns" one or more repositories, and using unix permissions (especially the setgid bit -- chmod g+s) you can allow/disallow users access to repos.

But there are several disadvantages here:

Gitolite does away with all this:

why did I write it?

The most important feature I needed was per-branch permissions. This is pretty much mandatory in a corporate environment, and is almost the single reason I started thinking about writing gitolite.

It's not just "read-only" versus "read-write". Rewinding a branch (aka "non fast forward push") is potentially dangerous, but sometimes needed. So is deleting a branch (which is really just an extreme form of rewind). I needed something in between allowing anyone to do it (the default) and disabling it completely (receive.denyNonFastForwards or receive.denyDeletes).

F=morefeatures_ some more features

Here're some more features.

security

Due to the environment in which this was created and the need it fills, I consider this a "security" program, albeit a very modest one.

The first person to find a hole that allows a non-admin user to push a change to a repository that he is not allowed to, will get a modest reward of 5000 INR. The hole should not require enabling any of the options listed as having a [security impact][rcsecurity] in the rc file, nor obvious things like setting the umask too loose, etc.

F=license contact and license

The gitolite software is released under GPL v2. See COPYING for details.

The gitolite documentation is provided under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.