master TOC | chapter TOC | support | license

WARNING: This is not the latest gitolite; please see the README

Hosting git repositories

Gitolite allows you to setup git hosting on a central server, with fine-grained access control and many (many!) more powerful features.

quick install

If you're comfortable with Unix and ssh, and you have a relatively sane setup, the following steps should work:

You're done. If it didn't work, well that's what the install doc is for, especially the if you run into trouble section.

WARNING: do NOT add repos or users directly on the server! You MUST manage the server by cloning the special 'gitolite-admin' repo on your workstation (git clone git@server:gitolite-admin), making changes, and pushing them. Here's how to add users and repos.

what to read...

Gitolite comes with a lot of documentation. The master TOC (see link above) is the only comprehensive list of what is there, but here's an overview.

Finally, tips has a lot of useful information.

what is gitolite?

Gitolite is an access control layer on top of git. Here's an "executive summary":

why is gitolite needed?: Link

why did I write it?

The most important feature I needed was per-branch permissions. This is pretty much mandatory in a corporate environment, and is almost the single reason I started thinking about writing gitolite.

It's not just "read-only" versus "read-write". Rewinding a branch (aka "non fast forward push") is potentially dangerous, but sometimes needed. So is deleting a branch (which is really just an extreme form of rewind). I needed something in between allowing anyone to do it (the default) and disabling it completely (receive.denyNonFastForwards or receive.denyDeletes).

some more features: Link


Due to the environment in which this was created and the need it fills, I consider this a "security" program, albeit a very modest one.

The first person to find a hole that allows a non-admin user to push a change to a repository that he is not allowed to, will get a modest reward of 5000 INR. The hole should not require enabling any of the options listed as having a security impact in the rc file, nor obvious things like setting the umask too loose, etc.

contact and license: Link