Ubuntu – Encrypt git repository on server (safe against theft of physical hardware)

encryptiongitUbuntu

I have a production server (Ubuntu, running 24/7) with a git repository and some client computers each with a working copy of this repository. In the client computers, simply using home folder encryption seems to solve the problem that in case of stolen hardware nobody can access the files in the git.

How can I encrypt the remote side of the git repository to make sure that in case of stolen hardware nobody can reconfigure and clone the git repository?

At first, I thought of encrypting the home directory of the git user, but then I realised that this wouldn't make any sense, since when and by whom should it be decrypted?

Can I put the git repository in my own home directory / link to it so it will only be available when I have logged into the server via SSH? Or is there a similar solution to this problem?

Thanks for any tips in advance!

Best Answer

You could use an ecrypted home directory. You would have to login and manually mount the encrypted drive and provide the decryption key when the server reboots. You can't have the drive automatically mounted for obvious reasons.

The Standard Solution

If you put all the developers in a specially-created group, you can, in principle, just do:

chgrp -R <whatever group> gitrepo
chmod -R g+swX gitrepo

Then change the umask for the users to 002, so that new files get created with group-writable permissions.

The problems with this are legion; if you’re on a distro that assumes a umask of 022 (such as having a common users group that includes everyone by default), this can open up security problems elsewhere. And sooner or later, something is going to screw up your carefully crafted permissions scheme, putting the repo out of action until you get root access and fix it up (i.e., re-running the above commands).

The New-Wave Solution

A superior solution—though less well understood, and which requires a bit more OS/tool support—is to use POSIX extended attributes. I’ve only come to this area fairly recently, so my knowledge here isn’t as hot as it could be. But basically, an extended ACL is the ability to set permissions on more than just the 3 default slots (user/group/other).

So once again, create your group, then run:

setfacl -R -m g:<whatever group>:rwX gitrepo
find gitrepo -type d | xargs setfacl -R -m d:g:<whatever group>:rwX

This sets up the extended ACL for the group so that the group members can read/write/access whatever files are already there (the first line); then, also tell all existing directories that new files should have this same ACL applied (the second line).

Hope that gets you on your way.

Git – post-receive hook with git pull “Failed to find a valid git directory”

While the hook is running, GIT_DIR and (if the worktree was defined explicitly) GIT_WORK_TREE are set. That means your pull won't run with the second repository in the directory you changed to.

Try git --git-dir ~/websites/testing/.git --work-tree ~/websites/testing pull; or unset git's repo-local environment with this:

unset $(git rev-parse --local-env-vars)

More info on these environment variables in man 1 git.

Best Answer

Related Solutions

Git – How to Share a Git Repository with Multiple Users on a Machine

The Standard Solution

The New-Wave Solution

Git – post-receive hook with git pull “Failed to find a valid git directory”

Related Topic