git-annex-shell(1)          General Commands Manual         git-annex-shell(1)

NAME

       git-annex-shell - Restricted login shell for git-annex only SSH access

SYNOPSIS

       git-annex-shell [-c] command [params ...]

DESCRIPTION

       git-annex-shell is a restricted shell, similar to git-shell, which can
       be used as a login shell for SSH accounts.

       Since its syntax is identical to git-shell's, it can be used as a
       drop-in replacement anywhere git-shell is used. For example it can be
       used as a user's restricted login shell.

COMMANDS

       Any command not listed below is passed through to git-shell.

       Note that the directory parameter should be an absolute path, otherwise
       it is assumed to be relative to the user's home directory. Also the
       first "/~/" or "/~user/" is expanded to the specified home directory.

       configlist directory
              This outputs a subset of the git configuration, in the same form
              as git config --list. This is used to get the annex.uuid of the
              remote repository.

              When run in a repository that does not yet have an annex.uuid,
              one will be created, as long as a git-annex branch has already
              been pushed to the repository, or if the autoinit=1 flag is used
              to indicate initialization is desired.

       p2pstdio directory uuid
              This causes git-annex-shell to communicate using the git-annex
              p2p protocol over stdio.

              The uuid is the one belonging to the repository that will be
              communicating with git-annex-shell.

       notifychanges directory
              This is used by git-annex remotedaemon to be notified when refs
              in the remote repository are changed.

       gcryptsetup directory gcryptid
              Sets up a repository as a gcrypt repository.

       inannex directory [key ...]
              This checks if all specified keys are present in the annex, and
              exits zero if so.

              Exits 1 if the key is certainly not present in the annex. Exits
              100 if it's unable to tell (perhaps the key is in the process of
              being removed from the annex).

              Used only by the gcrypt special remote.

       recvkey directory key
              This runs rsync in server mode to receive the content of a key,
              and stores the content in the annex.

              Used only by the gcrypt special remote.

       sendkey directory key
              This runs rsync in server mode to transfer out the content of a
              key.

              Used only by the gcrypt special remote.

       dropkey directory [key ...]
              This drops the annexed data for the specified keys.

              Used only by the gcrypt special remote.

OPTIONS

       --uuid=UUID
              git-annex uses this to specify the UUID of the repository it was
              expecting git-annex-shell to access, as a sanity check.

       Also the git-annex-common-options(1) can be used.

       -- fields=val fields=val.. --
              Additional fields may be specified this way, to retain
              compatibility with past versions of git-annex-shell (that ignore
              these, but would choke on new dashed options).

              Currently used fields are autoinit= and remoteuuid=

HOOK

       After content is received or dropped from the repository by
       git-annex-shell, it runs a hook, .git/hooks/annex-content (or
       hooks/annex-content on a bare repository). The hook is not currently
       passed any information about what changed.

ENVIRONMENT

       GIT_ANNEX_SHELL_READONLY
              If set, disallows any action that could modify the git-annex
              repository.

              Note that this does not prevent passing commands on to
              git-shell. For that, you also need ...

       GIT_ANNEX_SHELL_LIMITED
              If set, disallows running git-shell to handle unknown commands.

       GIT_ANNEX_SHELL_APPENDONLY
              If set, allows data to be written to the git-annex repository,
              but does not allow data to be removed from it.

              Note that this does not prevent passing commands on to
              git-shell, so you will have to separately configure git to
              reject pushes that overwrite branches or are otherwise not
              appends. The git pre-receive hook may be useful for
              accomplishing this.

              It's a good idea to enable annex.securehashesonly in a
              repository that's set up this way.

       GIT_ANNEX_SHELL_DIRECTORY
              If set, git-annex-shell will refuse to run commands that do not
              operate on the specified directory.

EXAMPLES

       To make a ~/.ssh/authorized_keys file that only allows git-annex-shell
       to be run, and not other commands, pass the original command to the -c
       option:

       command="git-annex-shell -c \"$SSH_ORIGINAL_COMMAND\"",no-agent-forwarding,no-port-forwarding,no-X11-forwarding ssh-rsa AAAAB3NzaC1y[...] user@example.com

       To further restrict git-annex-shell to a particular repository, and
       fully lock it down to read-only mode:

       command="GIT_ANNEX_SHELL_DIRECTORY=/srv/annex GIT_ANNEX_SHELL_LIMITED=true GIT_ANNEX_SHELL_READONLY=true git-annex-shell -c \"$SSH_ORIGINAL_COMMAND\"",restrict ssh-rsa AAAAB3NzaC1y[...] user@example.com

       Obviously, ssh-rsa AAAAB3NzaC1y[...] user@example.com needs to be
       replaced with your SSH key. The above also assumes git-annex-shell is
       available in your $PATH; use an absolute path if that is not the case.
       Also note how the above uses the restrict option instead of an explicit
       list of functionality to disallow. This only works in certain OpenSSH
       releases, starting from 7.1p2.

       To only allow adding new objects to the repository, the
       GIT_ANNEX_SHELL_APPENDONLY variable can be used as well:

       command="GIT_ANNEX_SHELL_DIRECTORY=/srv/annex GIT_ANNEX_SHELL_APPENDONLY=true git-annex-shell -c \"$SSH_ORIGINAL_COMMAND\"",restrict ssh-rsa AAAAB3NzaC1y[...] user@example.com

       This will not keep an attacker from destroying the git history, as
       explained above. For this you might want to disallow certain
       operations, like branch deletion and force-push, with options from
       git-config(1). For example:

       git config receive.denyDeletes true
       git config receive.denyNonFastForwards true

       With this configuration, git commits can still remove files, but they
       will still be available in the git history and git-annex will retain
       their contents. Changes to the git-annex branch, however, can
       negatively impact git-annex's location tracking information and might
       cause data loss. To work around this problem, more complex hooks are
       required; see for example the update-paranoid hook in the git source
       distribution.
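
       The restrictions described under ENVIRONMENT and EXAMPLES can be
       checked mechanically. The shell function below is an added example,
       not part of git-annex or of the original manual page; the name
       audit_line and the finding labels are hypothetical, and the sample
       entries are constructed from the page's placeholder key.

```shell
#!/bin/sh
# Added example (not part of git-annex): audit one authorized_keys entry against
# the lockdown options described in this manual page. Prints one finding per
# line; no output means nothing was flagged.
audit_line() {
    line=$1
    marker='\"$SSH_ORIGINAL_COMMAND\""'      # literal tail of the forced command
    case $line in
        *'command="'*'git-annex-shell -c '"$marker"*) ;;
        *) echo "no-forced-git-annex-shell"; return 0 ;;
    esac
    cmd=${line#*'command="'}                 # text after command="
    cmd=${cmd%%"$marker"*}                   # env assignments + git-annex-shell -c
    rest=${line#*"$marker"}                  # options after the command, then the key
    opts=",${line%%command=*}${rest%% *},"   # options before and after command=

    # Either "restrict" or each explicit no-* option from the first example.
    case $opts in
        *,restrict,*) ;;
        *) for o in no-agent-forwarding no-port-forwarding no-X11-forwarding; do
               case $opts in *",$o,"*) ;; *) echo "missing-$o" ;; esac
           done ;;
    esac
    case $cmd in
        *GIT_ANNEX_SHELL_DIRECTORY=*) ;;
        *) echo "no-directory-limit" ;;
    esac
    # READONLY and APPENDONLY do not stop commands being passed to git-shell.
    case $cmd in
        *GIT_ANNEX_SHELL_LIMITED=*) ;;
        *GIT_ANNEX_SHELL_READONLY=*) echo "readonly-but-git-shell-allowed" ;;
        *GIT_ANNEX_SHELL_APPENDONLY=*) echo "appendonly-needs-receive-deny-config" ;;
    esac
}

# Constructed sample entries (key material is the page's placeholder).
n=0
while IFS= read -r entry; do
    n=$((n + 1))
    echo "--- entry $n"
    audit_line "$entry"
done <<'EOF'
command="GIT_ANNEX_SHELL_READONLY=true git-annex-shell -c \"$SSH_ORIGINAL_COMMAND\"",no-port-forwarding ssh-rsa AAAAB3NzaC1y[...] user@example.com
command="GIT_ANNEX_SHELL_DIRECTORY=/srv/annex GIT_ANNEX_SHELL_LIMITED=true GIT_ANNEX_SHELL_READONLY=true git-annex-shell -c \"$SSH_ORIGINAL_COMMAND\"",restrict ssh-rsa AAAAB3NzaC1y[...] user@example.com
EOF
```

       The check matches option names exactly as spelled on this page and
       does not look for options that re-enable a feature after restrict.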

SEE ALSO

       git-annex(1)

       git-shell(1)

AUTHOR

       Joey Hess <id@joeyh.name>

       <http://git-annex.branchable.com/>