Blob

Date:
Message:
remove the gotsh group requirement from gotd; any user can now connect Repository access is now controlled by access rules in gotd.conf, and concurrent connections to the gotd socket by local users are limited by the listen process. We should keep refining our anti-DoS measures in the future, but at least we have something in place now. ok jamsek, op
Actions:
History | Blame | Raw File
1 .\"

2 .\" Copyright (c) 2022 Stefan Sperling

3 .\"

4 .\" Permission to use, copy, modify, and distribute this software for any

5 .\" purpose with or without fee is hereby granted, provided that the above

6 .\" copyright notice and this permission notice appear in all copies.

7 .\"

8 .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

9 .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

10 .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR

11 .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

12 .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

13 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

14 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

15 .\"

16 .Dd $Mdocdate$

17 .Dt GOTSH 1

18 .Os

19 .Sh NAME

20 .Nm gotsh

21 .Nd Game of Trees Shell

22 .Sh SYNOPSIS

23 .Nm Fl c Sq Cm git-receive-pack Ar repository-path

24 .Nm Fl c Sq Cm git-upload-pack Ar repository-path

25 .Sh DESCRIPTION

26 .Nm

27 is the network-facing interface to

28 .Xr gotd 8 .

29 It implements the server-side part of the Git network protocol used by

30 .Xr git 1

31 and

32 .Xr got 1 .

33 .Pp

34 .Nm

35 is not an interactive shell.

36 .Nm

37 is intended to be configured as the login shell of Git repository

38 user accounts on servers running

39 .Xr gotd 8 .

40 If users require a different login shell,

41 .Nm

42 can be installed in the command search path under the names

43 .Cm git-receive-pack

44 and

45 .Cm git-upload-pack .

46 .Pp

47 The users can then interact with

48 .Xr gotd 8

49 over the network.

50 When users invoke commands such as

51 .Cm got send

52 and

53 .Cm got fetch

54 on client machines,

55 .Xr got 1

56 will connect to the server with

57 .Xr ssh 1 .

58 .Nm

59 will facilitate communication between

60 .Xr gotd 8

61 running on the server machine and the

62 .Xr got 1

63 or

64 .Xr git 1

65 program running on the client machine.

66 .Pp

67 Users running

68 .Nm

69 should not have access to Git repositories by means other than

70 accessing the unix socket of

71 .Xr gotd 8

72 via

73 .Nm .

74 .Pp

75 It is recommended to restrict

76 .Xr ssh 1

77 features available to users of

78 .Nm .

79 See the

80 .Sx EXAMPLES

81 section for details.

82 .Sh ENVIRONMENT

83 .Bl -tag -width GOTD_UNIX_SOCKET

84 .It Ev GOTD_UNIX_SOCKET

85 Set the path to the unix socket which

86 .Xr gotd 8

87 is listening on.

88 If not specified, the default path

89 .Pa /var/run/gotd.sock

90 will be used.

91 .El

92 .Sh EXAMPLES

93 .Xr sshd_config 5

94 directives such as the following are recommended to protect the server

95 machine and any systems reachable from it, especially if anonymous users

96 are allowed to connect:

97 .Bd -literal -offset indent

98 Match User anonymous

99     DisableForwarding yes

100     PermitTTY no

101 .Ed

102 .Pp

103 It can be convenient to add all relevant users to a common group, such as

104 .Dq developers ,

105 and then use this group as the Match criteria:

106 .Bd -literal -offset indent

107 Match Group developers

108     DisableForwarding yes

109     PermitTTY no

110 .Ed

111 .Sh SEE ALSO

112 .Xr got 1 ,

113 .Xr ssh 1 ,

114 .Xr gotd.conf 5 ,

115 .Xr sshd_config 5 ,

116 .Xr gotd 8

117 .Sh AUTHORS

118 .An Stefan Sperling Aq Mt stsp@openbsd.org