Setting Up Git in Conjunction with an ISPConfig chroot (JailKit)

Discussion in 'Installation/Configuration' started by fatbear, Jul 18, 2013.

  1. fatbear

    fatbear Member HowtoForge Supporter

    What I'm trying to do is to have a GIT repository on the server that:

    1. Users can use GIT over SSH remotely.
    2. Users can ssh onto the server and run GIT commands locally.

    Users are to be created all under one client id (e.g., client5).
    Users are to be chrooted so that they can't see other client files on the server (e.g., they cannot see client7's files).
    Users have access to shared GIT repositories (e.g., all GIT repositories created for client5).

    The problem I'm having is that I need to instantiate a GIT repository in just one directory. So, how do all chrooted users see that directory?

    Can anyone explain how to use ISPConfig in conjection with setting up GIT to be shared by many users under one client account?

    Many thanks!
    Last edited: Jul 18, 2013
  2. fatbear

    fatbear Member HowtoForge Supporter

    I edited /etc/jailkit/jk_init.ini and changed under [git] the directories entry to be:

    directories = /usr/share/git-core, /repo

    The /repo directory is where the GIT repository is located.

    Then, I went to the ISPConfig GUI:

    Server Config > myhostname > JailKit​

    and changed Jailkit chroot app sections to include git.

    But, this did not make GIT visible when I connected via SSH to one of the JailKit'd usernames.

    Am I on the right track?
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Did you create a new website to test it? The jail is created once when the first jailed user is created for a new site.
  4. QuetzalFirst

    QuetzalFirst Member

    I have some problem with git under JailKit.
    I want to create a this post-receive hook script:
    GIT_DIR=/repository/devProd.git git --work-tree=/web status
    GIT_DIR=/repository/devProd.git git --work-tree=/web add -A
    GIT_DIR=/repository/devProd.git git --work-tree=/web commit -m "Prod Update $(date)"
    GIT_DIR=/repository/devProd.git git --work-tree=/web rebase master
    So when a user push "master" from git client (sourcetree with ssh:/[email protected]/repository/develProd.git), the post-receive make a commit to add some change made by users of website (images, files update, etc) and after that rebase the checkout branch on "master".
    But when I try the script with c_9gituser account (in jailkit) I got these errors
    bash-4.2$ ./
    Fri May 22 19:09:05 UTC 2015
    # On branch develProd
    # Changes not staged for commit:
    # (use "git add/rm <file>..." to update what will be committed)
    # (use "git checkout -- <file>..." to discard changes in working directory)
    # deleted: TEST.txt
    no changes added to commit (use "git add" and/or "git commit -a")
    error: insufficient permission for adding an object to repository database /repository/devProd.git/objects
    fatal: failed to write commit object
    git: 'rebase' is not a git command. See 'git --help'.

    Have you some hint to setup git properly with jailkit?
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    I havent used git post commit hooks yet, so I cant help you with that issue.
  6. QuetzalFirst

    QuetzalFirst Member

    Hi Till
    The issue is not with git hook. It come with ssh... In ssh with no jailkit (set to none), git rebase work fine. But not with jailkit.
    The post-receive hook is just a shell script that run after receiving a push.
    So I think there is a path or permission that is not set correctly.
    Later today, I will test my script (with hook) with no jailkit set... So I can fine tune them. But really need to jail user in own root before put the service live!
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    A jail contains only a limited set of applications. Git is not part of a jail by default, so when you want to use git in a jail, you have to add it first with the jp_cp command from jailkit. (Same for all other programs that your script uses).
  8. QuetzalFirst

    QuetzalFirst Member

    Ok... And how i can do that or where is the docs?

    (a parenthesis... i have a issue with email alias... It seem that all alias mail in my server is receive by the catch all mailbox... Any hint?)
  9. till

    till Super Moderator Staff Member ISPConfig Developer

Share This Page