.\"
.\" Copyright (c) 2022 Stefan Sperling
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate$
.Dt GOTSH 1
.Os
.Sh NAME
.Nm gotsh
.Nd Game of Trees Shell
.Sh SYNOPSIS
.Nm Fl c Sq Cm git-receive-pack Ar repository-path
.Nm Fl c Sq Cm git-upload-pack Ar repository-path
.Sh DESCRIPTION
.Nm
is the network-facing interface to
.Xr gotd 8 .
It implements the server-side part of the Git network protocol used by
.Xr git 1
and
.Xr got 1 .
.Pp
.Nm
is not an interactive shell.
.Nm
is intended to be configured as the login shell of Git repository
user accounts on servers running
.Xr gotd 8 .
If users require a different login shell,
.Nm
can be installed in the command search path under the names
.Cm git-receive-pack
and
.Cm git-upload-pack .
.Pp
The users can then interact with
.Xr gotd 8
over the network.
When users invoke commands such as
.Cm got send
and
.Cm got fetch
on client machines,
.Xr got 1
will connect to the server with
.Xr ssh 1 .
.Nm
will facilitate communication between
.Xr gotd 8
running on the server machine and the
.Xr got 1
or
.Xr git 1
program running on the client machine.
.Pp
Users running
.Nm
should not have access to Git repositories by means other than
accessing the unix socket of
.Xr gotd 8
via
.Nm .
.Pp
It is recommended to restrict
.Xr ssh 1
features available to users of
.Nm .
See the
.Sx EXAMPLES
section for details.
.Sh ENVIRONMENT
.Bl -tag -width GOTD_UNIX_SOCKET
.It Ev GOTD_UNIX_SOCKET
Set the path to the unix socket which
.Xr gotd 8
is listening on.
If not specified, the default path
.Pa /var/run/gotd.sock
will be used.
.El
.Sh EXAMPLES
.Xr sshd_config 5
directives such as the following are recommended to protect the server
machine and any systems reachable from it, especially if anonymous users
are allowed to connect:
.Bd -literal -offset indent
Match User developer
    DisableForwarding yes
    PermitTTY no
.Ed
.Pp
It can be convenient to add all relevant users to a common group, such as
.Dq developers ,
and then use this group as the Match criterion:
.Bd -literal -offset indent
Match Group developers
    DisableForwarding yes
    PermitTTY no
.Ed
.Pp
Anonymous users can be given public read-only access by using a
.Xr gotd.conf 5
access rule such as the following:
.Bd -literal -offset indent
repository "public" {
    path "/var/git/public.git"
    permit ro anonymous
}
.Ed
.Pp
The anonymous user account should have a publicly known password, or can be
set up with an empty password in which case the user's
.Xr vipw 8
entry would look similar to this example:
.Bd -literal
anonymous::1002:1002::0:0:Anonymous:/home/anonymous:/usr/local/bin/gotsh
.Ed
.Pp
Use of an empty password must be explicitly allowed in
.Xr sshd_config 5 :
.Bd -literal -offset indent
Match User anonymous
    PasswordAuthentication yes
    PermitEmptyPasswords yes
    DisableForwarding yes
    PermitTTY no
.Ed
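.Pp
The following audit is an added example, not part of gotsh or of the original manual page: it lists accounts whose login shell is gotsh and checks that the configuration sshd applies to each of them contains the DisableForwarding and PermitTTY settings recommended above.
The function names, the /usr/sbin/sshd path and the sample accounts are assumptions made for illustration; the live lookup relies on the extended test mode of sshd, invoked as sshd -T -C user=NAME.

```python
import subprocess

# Settings the page recommends; "sshd -T" prints keywords in lowercase.
REQUIRED = {"disableforwarding": "yes", "permittty": "no"}

def gotsh_users(passwd_text, shell_name="gotsh"):
    """Login names whose shell basename is gotsh. The shell is the last
    field in both passwd(5) and master.passwd(5) lines."""
    users = []
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if line.startswith("#") or len(fields) < 7:
            continue
        if fields[-1].rsplit("/", 1)[-1] == shell_name:
            users.append(fields[0])
    return users

def violations(effective_text):
    """Return {keyword: value found or None} for each REQUIRED mismatch."""
    seen = {}
    for line in effective_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            seen.setdefault(parts[0].lower(), parts[1].strip().lower())
    return {k: seen.get(k) for k, v in REQUIRED.items() if seen.get(k) != v}

def effective_config(user, sshd="/usr/sbin/sshd"):
    """Configuration sshd applies to this user after Match (run as root)."""
    cmd = [sshd, "-T", "-C", f"user={user}"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

def audit(passwd_text, lookup=effective_config):
    """Map each gotsh user to its violations; users that pass are omitted."""
    found = {u: violations(lookup(u)) for u in gotsh_users(passwd_text)}
    return {u: bad for u, bad in found.items() if bad}

# Constructed sample data so the example runs without a live sshd.
SAMPLE_PASSWD = """\
anonymous::1002:1002::0:0:Anonymous:/home/anonymous:/usr/local/bin/gotsh
flan:*:1003:1003::0:0:Flan:/home/flan:/bin/ksh
stray:*:1004:1004::0:0:Stray:/home/stray:/usr/local/bin/gotsh
"""
SAMPLE_EFFECTIVE = {
    "anonymous": "disableforwarding yes\npermittty no\n",
    "stray": "disableforwarding no\npermittty yes\n",  # no Match block applies
}

if __name__ == "__main__":
    for user, bad in audit(SAMPLE_PASSWD, SAMPLE_EFFECTIVE.__getitem__).items():
        print(f"{user}: missing recommended restrictions: {bad}")
    # On a server: audit(open("/etc/passwd").read())
```

Accounts that keep a different login shell and reach gotsh through the git-receive-pack and git-upload-pack names are not found by the shell-field check and have to be listed by hand.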
.Sh SEE ALSO
.Xr got 1 ,
.Xr ssh 1 ,
.Xr gotd.conf 5 ,
.Xr sshd_config 5 ,
.Xr gotd 8
.Sh AUTHORS
.An Stefan Sperling Aq Mt stsp@openbsd.org