{"id":337,"date":"2017-02-03T06:10:00","date_gmt":"2017-02-03T06:10:00","guid":{"rendered":"https:\/\/opstree.com\/blog\/\/2017\/02\/03\/gitolite\/"},"modified":"2019-08-02T07:38:39","modified_gmt":"2019-08-02T07:38:39","slug":"gitolite","status":"publish","type":"post","link":"https:\/\/opstree.com\/blog\/2017\/02\/03\/gitolite\/","title":{"rendered":"Gitolite"},"content":{"rendered":"
\n

 <\/h2>\n

Requirement<\/b><\/h2>\n
We need private git repositories for internally use in our project so we use Gitolite for this requirement. Our client has a lot of consultants, partners and short term employees working with their code so they needed a good way of controlling access to the repos and preferably without giving each of them a unix user on the server where the repo is hosted.<\/b><\/div>\n

What is Gitolite?<\/span><\/strong>
<\/b><\/h2>\n
Gitolite is basically an access layer on top of Git. Users are granted access to repos via a simple config file and we as an admin only needs the users public SSH key and a username from the user. Gitolite uses this to grant or deny access to our Git repositories. And it does this via a git repository named gitolite-admin.<\/b><\/span>

<\/b>

<\/p>\n

Installation<\/h2>\n<\/div>\n
We need a public key and a Gitolite user through which we will setup the Gitolite.<\/b><\/div>\n

<\/p>\n

In this case I have used my base machine(Ubuntu) public key so that only my machine can manage Gitolite.<\/b><\/div>\n

<\/p>\n

Now we will copy this public key to a virtual machine<\/b><\/div>\n

<\/p>\n

$ scp ~\/.ssh\/gitolite.pub git@192.168.0.20:\/home\/git<\/b><\/span><\/div>\n

 <\/b><\/p>\n

where vagrant is the user of my virtual machine & its IP is 192.168.0.20<\/b><\/p>\n

Now we will install & create a gitolite user on remote machine which will be hosting gitolite.<\/b><\/p>\n

root@git:~# apt-get install gitolite3<\/b><\/span><\/div>\n
 <\/div>\n
root@git:~# adduser gitolite<\/b><\/span><\/div>\n
 <\/div>\n
Now we need to remove password of gitolite user from below command<\/b><\/div>\n
 <\/div>\n
root@git:~# passwd -d gitolite<\/b><\/span><\/div>\n
 <\/div>\n
 <\/div>\n
Let’s move & change the ownership of this public key.<\/div>\n
root@git:~# mv gitolite.pub \/home\/gitolite\/<\/span><\/div>\n
root@git:~# chown gitolite:gitolite \/home\/gitolite\/gitolite.pub<\/span><\/div>\n
 <\/div>\n
Become the gitolite user<\/div>\n
 <\/div>\n
root@git:~# su – gitolite<\/span><\/div>\n
 <\/div>\n
Now setup the gitolite with the public key<\/div>\n
 <\/div>\n
gitolite@git:~# gitolite setup -pk gitolite.pub<\/span><\/div>\n
 <\/div>\n
Now to manage the repositories, users and access-rights we will download the gitolite-admin(git repository) to our base machine.<\/div>\n
 <\/div>\n
$ git clone gitolite@192.168.0.20:gitolite-admin<\/span><\/div>\n
$ cd gitolite-admin<\/span><\/div>\n
$ ls -l<\/span><\/div>\n
total<\/span>
8<\/span><\/div>\n
drwxr-xr-x<\/span>
2 nitin nitin 4096 Jan 10 17:52 conf\/<\/span>
drwxr-xr-x<\/span>
2 nitin nitin 4096 Jan  9 13:43 keydir\/<\/span><\/div>\n
 <\/div>\n
where \u201ckeydir\u201d is the directory where we store our user\u2019s keys and that key name must be same as existing username on the system.<\/div>\n
 <\/div>\n
In conf directory there is a \u201cgitolite.conf\u201d file which controls which repositories are available on the system and who has which rights to those repositories.<\/div>\n
We just need to add new repository name & users who will access it and this file will create the repo & grant the permission on it accordingly.<\/div>\n
Let us explore my gitolite.conf file in which I have added a new repository called \u201copstreeblog\u201d<\/div>\n
$ cat conf\/gitolite.conf<\/div>\n

# Group name & members<\/div>\n

@admin = nitin<\/span><\/div>\n
@staff    = jatin james<\/span><\/div>\n
 <\/div>\n
# Gitolite admin repository<\/div>\n

repo gitolite-admin<\/span><\/div>\n
RW+   = gitolite @admin<\/span><\/div>\n
 <\/div>\n
# Read-Write permission to all the users on testing repo<\/div>\n

repo testing<\/span><\/div>\n
RW+    = @all<\/span><\/div>\n
 <\/div>\n
# Read-Write permission to user sandy & the admin group. And Read-Only access to staff group<\/div>\n

repo opstreeblog<\/span><\/div>\n
   RW+   = sandy @admin<\/span><\/div>\n
   R         = @staff<\/span><\/div>\n

<\/p>\n

<\/b><\/b><\/b>where ‘@’ denotes the user group i.e @staff is a group &<\/b> jatin, james are the users of this group and these names must be similar to the key name stored in keydir directory.<\/span>
For example “jatin” user must have the public key named “jatin.pub”<\/span>

<\/b>Let’s have a quick test of our setup<\/b><\/p>\n

$ git commit conf\/gitolite.conf -m \u201cadded opstreeblog repo\u201d<\/b><\/span><\/div>\n
 <\/div>\n
[master 357bbc8] added “opstreeblog” repo<\/b><\/span><\/div>\n
 <\/div>\n
1 files changed, 9 insertions(+), 1 deletions(-)<\/b><\/span><\/div>\n
 <\/div>\n
nitin@Latitude-3460:~\/gitolite-admin$ git push origin master<\/b><\/span><\/div>\n
 <\/div>\n
Counting objects: 7, done.<\/b><\/span><\/div>\n
Delta compression using up to 4 threads.<\/b><\/span><\/div>\n
Compressing objects: 100% (3\/3), done.<\/span><\/div>\n
Writing objects: 100% (4\/4), 428 bytes, done.<\/span><\/div>\n
Total<\/span>
4 (delta 0), reused 0 (delta 0)<\/span><\/div>\n
remote: Initialized empty Git repository in \/home\/gitolite\/repositories\/opstreeblog.git\/<\/span><\/div>\n
To gitbox:gitolite-admin d595439..357bbc8<\/span>
master -> master<\/span><\/div>\n
 <\/div>\n
I hope that gives you a good overview of how to install and manage Gitolite.<\/div>\n

<\/p>\n<\/div>\n\n\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

  Requirement We need private git repositories for internally use in our project so we use Gitolite for this requirement. Our client has a lot of consultants, partners and short term employees working with their code so they needed a good way of controlling access to the repos and preferably without giving each of them … Continue reading “Gitolite”<\/span><\/a><\/p>\n","protected":false},"author":150552946,"featured_media":29900,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[1],"tags":[768739308,676319247,768739295,55275420,768739285],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/opstree.com\/blog\/wp-content\/uploads\/2025\/11\/DevSecOps-1.jpg","jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/sfDBOm-gitolite","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/posts\/337"}],"collection":[{"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/users\/150552946"}],"replies":[{"embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/comments?post=337"}],"version-history":[{"count":4,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/posts\/337\/revisions"}],"predecessor-version":[{"id":1099,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/posts\/337\/revisions\/1099"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/media\/29900"}],"wp:attachment":[{"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/media?parent=337"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/categories?post=337"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/tags?post=337"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}