Blob


1 <!DOCTYPE html>
2 <html>
3 <head>
4 <meta charset="utf-8"/>
5 <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
6 <link rel="stylesheet" href="mandoc.css" type="text/css" media="all"/>
7 <title>GOTSH(1)</title>
8 </head>
9 <!-- This is an automatically generated file. Do not edit.
10 Copyright (c) 2022 Stefan Sperling
12 Permission to use, copy, modify, and distribute this software for any
13 purpose with or without fee is hereby granted, provided that the above
14 copyright notice and this permission notice appear in all copies.
16 THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
17 WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
18 MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
19 ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
20 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
21 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
22 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
23 -->
24 <body>
25 <div class="head" role="doc-pageheader" aria-label="Manual header
26 line"><span class="head-ltitle">GOTSH(1)</span> <span class="head-vol">General
27 Commands Manual</span> <span class="head-rtitle">GOTSH(1)</span></div>
28 <main class="manual-text">
29 <section class="Sh">
30 <h2 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h2>
31 <p class="Pp"><code class="Nm">gotsh</code> &#x2014;
32 <span class="Nd" role="doc-subtitle">Game of Trees Shell</span></p>
33 </section>
34 <section class="Sh">
35 <h2 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h2>
36 <table class="Nm">
37 <tr>
38 <td><code class="Nm">gotsh <code class="Fl">-c</code>
39 &#x2018;<code class="Cm">git-receive-pack</code>
40 <var class="Ar">repository-path</var>&#x2019;</code></td>
41 <td></td>
42 </tr>
43 </table>
44 <br/>
45 <table class="Nm">
46 <tr>
47 <td><code class="Nm">gotsh <code class="Fl">-c</code>
48 &#x2018;<code class="Cm">git-upload-pack</code>
49 <var class="Ar">repository-path</var>&#x2019;</code></td>
50 <td></td>
51 </tr>
52 </table>
53 </section>
54 <section class="Sh">
55 <h2 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h2>
56 <p class="Pp"><code class="Nm">gotsh</code> is the network-facing interface to
57 <a class="Xr" aria-label="gotd, section 8">gotd(8)</a>. It implements the
58 server-side part of the Git network protocol used by
59 <a class="Xr" aria-label="git, section 1">git(1)</a> and
60 <a class="Xr" aria-label="got, section 1">got(1)</a>.</p>
61 <p class="Pp"><code class="Nm">gotsh</code> is not an interactive shell.
62 <code class="Nm">gotsh</code> is intended to be configured as the login
63 shell of Git repository user accounts on servers running
64 <a class="Xr" aria-label="gotd, section 8">gotd(8)</a>. If users require a
65 different login shell, <code class="Nm">gotsh</code> can be installed in the
66 command search path under the names <code class="Cm">git-receive-pack</code>
67 and <code class="Cm">git-upload-pack</code>.</p>
68 <p class="Pp">The users can then interact with <a class="Xr" aria-label="gotd,
69 section 8">gotd(8)</a> over the network. When users invoke commands such as
70 <code class="Cm">got send</code> and <code class="Cm">got fetch</code> on
71 client machines, <a class="Xr" aria-label="got, section 1">got(1)</a> will
72 connect to the server with <a class="Xr" aria-label="ssh, section
73 1">ssh(1)</a>. <code class="Nm">gotsh</code> will facilitate communication
74 between <a class="Xr" aria-label="gotd, section 8">gotd(8)</a> running on
75 the server machine and the <a class="Xr" aria-label="got, section
76 1">got(1)</a> or <a class="Xr" aria-label="git, section 1">git(1)</a>
77 program running on the client machine.</p>
78 <p class="Pp">Users running <code class="Nm">gotsh</code> should not have access
79 to Git repositories by means other than accessing the unix socket of
80 <a class="Xr" aria-label="gotd, section 8">gotd(8)</a> via
81 <code class="Nm">gotsh</code>.</p>
82 <p class="Pp">It is recommended to restrict <a class="Xr" aria-label="ssh,
83 section 1">ssh(1)</a> features available to users of
84 <code class="Nm">gotsh</code>. See the
85 <a class="Sx" href="#EXAMPLES">EXAMPLES</a> section for details.</p>
86 </section>
87 <section class="Sh">
88 <h2 class="Sh" id="ENVIRONMENT"><a class="permalink" href="#ENVIRONMENT">ENVIRONMENT</a></h2>
89 <dl class="Bl-tag">
90 <dt id="GOTD_UNIX_SOCKET"><a class="permalink" href="#GOTD_UNIX_SOCKET"><code class="Ev">GOTD_UNIX_SOCKET</code></a></dt>
91 <dd>Set the path to the unix socket which <a class="Xr" aria-label="gotd,
92 section 8">gotd(8)</a> is listening on. If not specified, the default path
93 <span class="Pa">/var/run/gotd.sock</span> will be used.</dd>
94 </dl>
95 </section>
96 <section class="Sh">
97 <h2 class="Sh" id="EXAMPLES"><a class="permalink" href="#EXAMPLES">EXAMPLES</a></h2>
98 <p class="Pp"><a class="Xr" aria-label="sshd_config, section
99 5">sshd_config(5)</a> directives such as the following are recommended to
100 protect the server machine and any systems reachable from it, especially if
101 anonymous users are allowed to connect:</p>
102 <div class="Bd Pp Bd-indent Li">
103 <pre>Match User developer
104 DisableForwarding yes
105 PermitTTY no</pre>
106 </div>
107 <p class="Pp">It can be convenient to add all relevant users to a common group,
108 such as &#x201C;developers&#x201D;, and then use this group as the Match
109 criteria:</p>
110 <div class="Bd Pp Bd-indent Li">
111 <pre>Match Group developers
112 DisableForwarding yes
113 PermitTTY no</pre>
114 </div>
115 <p class="Pp">Anonymous users can be given public read-only access by using a
116 <a class="Xr" aria-label="gotd.conf, section 5">gotd.conf(5)</a> access rule
117 such as the following:</p>
118 <div class="Bd Pp Bd-indent Li">
119 <pre>repository &quot;public&quot; {
120 path &quot;/var/git/public.git&quot;
121 permit ro anonymous
122 }</pre>
123 </div>
124 <p class="Pp">The anonymous user account should have a publicly known password,
125 or can be set up with an empty password in which case the user's
126 <a class="Xr" aria-label="vipw, section 8">vipw(8)</a> entry would look
127 similar to this example:</p>
128 <div class="Bd Pp Li">
129 <pre>anonymous::1002:1002::0:0:Anonymous:/home/anonymous:/usr/local/bin/gotsh</pre>
130 </div>
131 <p class="Pp">Use of an empty password must be explicitly allowed in
132 <a class="Xr" aria-label="sshd_config, section 5">sshd_config(5)</a>:</p>
133 <div class="Bd Pp Bd-indent Li">
134 <pre>Match User anonymous
135 PasswordAuthentication yes
136 PermitEmptyPasswords yes
137 DisableForwarding yes
138 PermitTTY no</pre>
139 </div>
140 </section>
141 <section class="Sh">
142 <h2 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE
143 ALSO</a></h2>
144 <p class="Pp"><a class="Xr" aria-label="got, section 1">got(1)</a>,
145 <a class="Xr" aria-label="ssh, section 1">ssh(1)</a>,
146 <a class="Xr" aria-label="gotd.conf, section 5">gotd.conf(5)</a>,
147 <a class="Xr" aria-label="sshd_config, section 5">sshd_config(5)</a>,
148 <a class="Xr" aria-label="gotd, section 8">gotd(8)</a></p>
149 </section>
150 <section class="Sh">
151 <h2 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h2>
152 <p class="Pp"><span class="An">Stefan Sperling</span>
153 &lt;<a class="Mt" href="mailto:stsp@openbsd.org">stsp@openbsd.org</a>&gt;</p>
154 </section>
155 </main>
156 <div class="foot" role="doc-pagefooter" aria-label="Manual footer
157 line"><span class="foot-left"></span><span class="foot-date">February 22,
158 2023</span> <span class="foot-os">OpenBSD 7.2</span></div>
159 </body>
160 </html>