
GIT, AD and SSH. Or how to manage access to GIT via AD

Hello, friend!

As everyone knows, the git version control system is becoming quite widespread.
And everything would be fine, except that Gitosis, which many people love, does not integrate with AD, and working over HTTP is rather clumsy.
Especially if it is configured via WebDAV.

So here I will briefly describe how to make git work with AD and then use it over ssh.
To my surprise, I did not find such instructions in Runet (or anywhere else on the international Internet).
What we have:
* Debian lenny
* git 1.7

What you need:
* likewise-open
* acl

So. Quick HOWTO.


1. Install ACL on Debian.


Before doing something, check the kernel configuration:
# cat /boot/config-2.6.26-2-686 | grep _ACL
And look for the presence of:
CONFIG_EXT3_FS_POSIX_ACL=y
CONFIG_EXT2_FS_POSIX_ACL=y
CONFIG_XFS_POSIX_ACL=y

If they are not there, the kernel must be rebuilt.

Next, install the ACL package itself:
# apt-get install acl
And then edit /etc/fstab.

It was:
# cat /etc/fstab
# file system  mount point     type         options                dump pass
proc           /proc           proc         defaults               0    0
/dev/hda1      /               ext3         errors=remount-ro      0    1
/dev/hda5      none            swap         sw                     0    0
/dev/hdc       /media/cdrom0   udf,iso9660  user,noauto            0    0
/dev/fd0       /media/floppy0  auto         rw,user,noauto         0    0

It became:
# cat /etc/fstab
# file system  mount point     type         options                dump pass
proc           /proc           proc         defaults               0    0
/dev/hda1      /               ext3         acl,errors=remount-ro  0    1
/dev/hda5      none            swap         sw                     0    0
/dev/hdc       /media/cdrom0   udf,iso9660  user,noauto            0    0
/dev/fd0       /media/floppy0  auto         rw,user,noauto         0    0


Remount the partition:
# mount -o remount,acl /dev/hda1
Or reboot the machine as an additional check that everything comes up ;)
And the last check:
# getfacl /path/to/git/test
getfacl: Removing leading '/' from absolute path names
# file: path/to/git/test
# owner: www-data
# group: www-data
user::rwx
group::rwx
other::r-x


2. Install likewise-open


This part is easy.
Go to www.likewise.com/download, fill in the form, and they send you links for downloading the installation script.
Pick the one you need and download it:
# wget www.likewise.com/bits/6.0/8360/LikewiseOpen-6.0.0.8360-linux-i386-deb.sh

Well, run:
# sh LikewiseOpen-6.0.0.8360-linux-i386-deb.sh


After you have installed the product, run:
# /opt/likewise/bin/domainjoin-cli join domainName ADjoinAccount

where domainName is the name of your domain, and ADjoinAccount is a user who is allowed to add entries to AD (by default, Administrator).

And that's all. Happiness.
Restart and try to log in using an AD account:
ssh DOMAIN\\username@git-server

3. Add rights


The most important part is left :)

Before adding permissions for groups on the repository, you must first create the groups in AD, otherwise there will be an error.
Once the groups are created, add write access:
setfacl -R -m g:DOMAIN\\group_write:rwx /path/to/git/test
setfacl -R -d -m g:DOMAIN\\group_write:rwx /path/to/git/test

For reading:
setfacl -R -m g:DOMAIN\\group_read:rX /path/to/git/test
setfacl -R -d -m g:DOMAIN\\group_read:rX /path/to/git/test
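
A check to run after step 3, as an added example that is not part of the original post: it reads getfacl output and confirms that both AD groups have access and default entries, and it flags entries narrowed by the ACL mask (which happens, for example, after a chmod g-w on the directory). The function names are hypothetical, the sample output is constructed, and group names must be passed exactly as getfacl prints them on your system.

```shell
#!/bin/sh
# Added example (not from the original post): audit the ACL set in step 3.
# Usage: getfacl /path/to/git/test | check_repo_acl WRITE_GROUP READ_GROUP
# Assumption: group names are given exactly as getfacl prints them.

check_repo_acl() (
    wgrp=$1; rgrp=$2; rc=0
    acl=$(cat)
    # Entries narrowed by the mask carry a "#effective:" note: report them.
    if printf '%s\n' "$acl" | grep -F '#effective:' | sed 's/^/masked: /' | grep .
    then rc=1; fi
    # Drop the note so the presence checks below can match whole lines.
    acl=$(printf '%s\n' "$acl" | sed 's/[[:space:]]*#effective:.*$//')
    for entry in "group:${wgrp}:rwx" "default:group:${wgrp}:rwx" \
                 "group:${rgrp}:r-x" "default:group:${rgrp}:r-x"; do
        if ! printf '%s\n' "$acl" | grep -Fxq -e "$entry"; then
            printf '%s\n' "missing: $entry"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ]
)

# Constructed sample: repository directory after the mask was reduced to r-x.
sample_masked() {
    cat <<'EOF'
# file: path/to/git/test
# owner: www-data
# group: www-data
user::rwx
group::rwx	#effective:r-x
group:DOMAIN\group_write:rwx	#effective:r-x
group:DOMAIN\group_read:r-x
mask::r-x
other::r-x
default:user::rwx
default:group::rwx
default:group:DOMAIN\group_write:rwx
default:group:DOMAIN\group_read:r-x
default:mask::rwx
default:other::r-x
EOF
}

sample_masked | check_repo_acl 'DOMAIN\group_write' 'DOMAIN\group_read' \
    || echo "ACL needs attention"
```

A "masked" line means the write group's entry is present but no longer effective; re-running the setfacl commands from step 3 recalculates the mask.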


And that, in general, is all.
Enjoy and rejoice!

Additionally, there is a small script that creates a GIT repository and adds the necessary groups: pastebin.com

I look forward to constructive criticism and questions!

P.S. Many thanks to damnerd for the advice and knowledge about git.

Source: https://habr.com/ru/post/130187/