I want to set up a server that hosts git repositories over ssh and https with client certificates. I don’t want any snazzy GUI or anything like that (i.e. not Bitbucket, GitLab, etc.). I want a bare-minimum configuration for hosting repositories only.
However, I do want user separation between repositories.
I already have a solution for the https case, and I have an annoying solution for ssh.
I did some searches for multi-user ssh git server configurations, but the base assumption of the guides I found was that all users have access to all the repositories. I.e. create a “git” user, add all the users’ public keys to ~git/.ssh/authorized_keys, use git-shell for the “git” user and host all the repos under the “git” user.
What I want to accomplish is to host a bunch of repositories which – by default – users cannot access until given explicit permission to do so by having an administrator add their ssh key to a project.
I have previously accomplished this by assigning each user a different account in the system, and using regular group permissions to do the sharing — but this is cumbersome for a few reasons.
What’s the general theory behind getting this feature to work smoothly?
I assume that the basic idea is to have a single “git” user and have each user in the ~git/authorized_keys, but once ssh has authenticated it passes on information about the authentication to some external user database containing all the repo permissions which is then used to perform file system access checks as appropriate.
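
The single-account design sketched in the question can be built on OpenSSH's forced-command key option, which runs a fixed program for a key and hands it the client's request in `SSH_ORIGINAL_COMMAND`. The following is an added example, not part of the original post; the script name `git-gate`, the `/srv/git` root and the permission table are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Forced-command gate for a shared "git" account (illustrative sketch).

Each key in ~git/.ssh/authorized_keys names its owner, e.g. (constructed):
  restrict,command="/usr/local/bin/git-gate alice" ssh-ed25519 AAAA... alice
sshd then runs this script instead of the client's request, which it
exposes in the SSH_ORIGINAL_COMMAND environment variable.
"""
import os
import re
import shlex
import sys

REPO_ROOT = "/srv/git"  # assumed location of the bare repositories
# Constructed permission table: repo -> {user: "r" or "rw"}
ACL = {"projecta.git": {"alice": "rw", "bob": "r"},
       "projectb.git": {"bob": "rw"}}
# Access each git transport service needs (binaries assumed to be on PATH).
NEEDS = {"git-upload-pack": "r", "git-upload-archive": "r", "git-receive-pack": "w"}
SAFE_REPO = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*\.git")  # one path component


def authorize(user, original_command, acl=ACL):
    """Return the argv to exec if `user` may run the request, else raise."""
    try:
        parts = shlex.split(original_command or "")
    except ValueError:
        raise PermissionError("malformed command")
    if len(parts) != 2 or parts[0] not in NEEDS:
        raise PermissionError("only git transport commands are allowed")
    service, repo = parts[0], parts[1].lstrip("/")
    if not SAFE_REPO.fullmatch(repo):  # rejects "..", "/" and option-like names
        raise PermissionError("invalid repository name")
    granted = acl.get(repo, {}).get(user, "")
    if NEEDS[service] not in granted:  # default deny, unknown repos included
        raise PermissionError("access denied")
    return [service, os.path.join(REPO_ROOT, repo)]


if __name__ == "__main__":
    try:
        argv = authorize(sys.argv[1] if len(sys.argv) > 1 else "",
                         os.environ.get("SSH_ORIGINAL_COMMAND"))
    except PermissionError as exc:
        sys.exit(f"git-gate: {exc}")
    os.execvp(argv[0], argv)
```

Granting access then means adding one key line to `authorized_keys` and one entry to the table; the files under `REPO_ROOT` need to be owned by the shared account only.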