@mwf
Last active June 15, 2021 08:10
Mac OS X 10.9 - Create system user and allow ssh login
#!/bin/bash
# Original - http://serverfault.com/a/532860

# Check that we are superuser (i.e. $(id -u) is zero)
if (( $(id -u) )) ; then
    echo "This script needs to run as root"
    exit 1
fi

if [[ -z "$1" ]] ; then
    echo "Usage: $(basename "$0") [username] [realname (optional)]"
    exit 1
fi

username="$1"
realname="${2:-$username}"

echo "Adding daemon user $username with real name \"$realname\""

# Walk down from 500 until an id is found that is free as both a uid and a gid
for (( uid = 500;; --uid )) ; do
    if ! id -u "$uid" &>/dev/null; then
        if ! dscl /Local/Default -ls Groups gid | grep -q "[^0-9]$uid\$" ; then
            # Group record; RecordName registers both _name and the bare name
            dscl /Local/Default -create "Groups/_$username"
            dscl /Local/Default -create "Groups/_$username" Password \*
            dscl /Local/Default -create "Groups/_$username" PrimaryGroupID "$uid"
            dscl /Local/Default -create "Groups/_$username" RealName "$realname"
            dscl /Local/Default -create "Groups/_$username" RecordName "_$username" "$username"

            # User record
            dscl /Local/Default -create "Users/_$username"
            # Need home directory?
            # dscl /Local/Default -create "Users/_$username" NFSHomeDirectory /var/empty
            dscl /Local/Default -create "Users/_$username" NFSHomeDirectory "/Users/_$username"
            dscl /Local/Default -create "Users/_$username" Password \*
            dscl /Local/Default -create "Users/_$username" PrimaryGroupID "$uid"
            dscl /Local/Default -create "Users/_$username" RealName "$realname"
            dscl /Local/Default -create "Users/_$username" RecordName "_$username" "$username"
            dscl /Local/Default -create "Users/_$username" UniqueID "$uid"
            # Need shell access for the user?
            # dscl /Local/Default -create "Users/_$username" UserShell /usr/bin/false
            dscl /Local/Default -create "Users/_$username" UserShell /bin/bash

            # Remove the password-related attributes from the new record
            dscl /Local/Default -delete "/Users/_$username" AuthenticationAuthority
            dscl /Local/Default -delete "/Users/_$username" PasswordPolicyOptions
            break
        fi
    fi
done

echo -e "Created system user $username (uid/gid $uid):\n"

dscl /Local/Default -read "Users/_$username"

echo -e "\nYou can undo the creation of this user by issuing the following commands:\n"
echo "sudo dscl /Local/Default -delete Users/_$username"
echo "sudo dscl /Local/Default -delete Groups/_$username"

A small tutorial on how to set up a Git server on Mac OS X. The main difficulty was creating a "system" user (aka "daemon", uid<=500) and allowing ssh login for it.

  1. I need the 'git' user to be a system user, not visible in the standard users list.
  2. I need to allow ssh access only for some users/groups.

The tutorial for setting up a Git server: http://git-scm.com/book/ca/Git-on-the-Server-Setting-Up-the-Server

So I need to create a system user 'git' with a home folder.

System user creation script: http://serverfault.com/a/532860. I've modified it a little and uploaded it here: https://gist.github.com/mwf/20cbb260ad2490d7faaa#file-create_sys_user-sh.

    sudo ./create_sys_user.sh git
    sudo mkdir /Users/_git
    sudo chown _git:_git /Users/_git

After that you can switch to the 'git' user and add users' public keys as described in the Git tutorial.

Now the point of this gist: how to allow SSH for the 'git' user.

First, open up System Preferences » Sharing and turn on Remote Login (this is ssh). As you can see, you can't just add the 'git' user to the access list, because it's invisible. Here is the hack, based on http://superuser.com/a/166219:

    sudo dscl . append /Groups/com.apple.access_ssh GroupMembership git
    sudo dscl . append /Groups/com.apple.access_ssh groupmembers "$(dscl . read /Users/git GeneratedUID | cut -d " " -f 2)"

Bingo, you can test the ssh connection to the server (if you've already set up your public key):

    ssh git@server-ip
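
To confirm the account ended up as intended, the following added example (not part of the original gist or the linked answers) parses `dscl . -read` output and flags deviations from what the script and the `access_ssh` commands set up. The two records are constructed samples, and `attr` and `audit_account` are hypothetical helper names.

```shell
#!/bin/bash
# Constructed sample of `dscl . -read /Users/_git` for the account the script creates.
USER_REC='NFSHomeDirectory: /Users/_git
Password: *
PrimaryGroupID: 499
RecordName: _git git
UniqueID: 499
UserShell: /bin/bash'

# Constructed sample of `dscl . -read /Groups/com.apple.access_ssh`.
GROUP_REC='GroupMembership: admin git
RecordName: com.apple.access_ssh'

# attr KEY RECORD: value of the "KEY: value" line in dscl -read text.
attr() {
    printf '%s\n' "$2" | awk -v k="$1:" '$1 == k { sub(/^[^:]*: */, ""); print; exit }'
}

# audit_account USER_RECORD GROUP_RECORD SHORTNAME (hypothetical helper)
# Prints space-separated findings, or "ok" when nothing is flagged.
audit_account() {
    local uid pw shell members out=""
    uid=$(attr UniqueID "$1")
    pw=$(attr Password "$1")
    shell=$(attr UserShell "$1")
    members=$(attr GroupMembership "$2")

    # The script sets Password to "*"; flag any other value.
    [ "$pw" = "*" ] || out="$out password-set"
    # The gist treats uid <= 500 as a system (hidden) account.
    case "$uid" in
        ''|*[!0-9]*) out="$out uid-invalid" ;;
        *) [ "$uid" -le 500 ] || out="$out uid-not-system" ;;
    esac
    # The script's commented alternative is /usr/bin/false; report a login shell.
    case "$shell" in
        /bin/bash|/bin/zsh|/bin/sh) out="$out interactive-shell" ;;
    esac
    # The gist grants SSH by adding the short name to com.apple.access_ssh.
    case " $members " in
        *" $3 "*) ;;
        *) out="$out not-in-access_ssh" ;;
    esac
    echo "${out:-ok}" | sed 's/^ //'
}

audit_account "$USER_REC" "$GROUP_REC" git
```

On a real machine, pass `"$(dscl . -read /Users/_git)"` and `"$(dscl . -read /Groups/com.apple.access_ssh)"` in place of the samples.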

Some useful stuff:

  1. If you don't care whether 'git' is a system user, just use this guide: http://www.tomdalling.com/blog/software-processes/how-to-set-up-a-secure-git-server-at-home-osx/
  2. This can also be useful: https://github.com/sitaramc/gitolite. Found this reference here: http://automatica.com.au/2011/01/setup-git-server-on-mac-osx-server/

tomygrenier commented Oct 14, 2020

Hi! The script is great. Thanks for that. But it asks me for a password to connect with the git user ( su git ). I tried '*' or an empty password but it doesn't work. It could have changed since 2014 with macOS Catalina. Should I try with any password, or should it not ask for any password?

Thanks,
Tomy
