git-daemon
Provide unauthenticated Git repository access
TLDR
Launch a Git daemon with a whitelisted set of directories
Launch a Git daemon with a specific base directory and allow pulling from all sub-directories that look like Git repositories
Launch a Git daemon for the specified directory, verbosely printing log messages and allowing Git clients to write to it
SYNOPSIS
git daemon [--verbose] [--detach] [--listen=
PARAMETERS
--verbose
Be more verbose.
--detach
Detach from the terminal and run in the background as a daemon.
--listen=
Listen on the specified host or IP address. Defaults to all interfaces.
--port=
Listen on the specified port. Defaults to 9418.
--inetd
Run as an inetd service.
--export-all
Pretend as if all directories under the current directory are Git repositories.
--base-path=
Restrict access to repositories under the specified path.
--access-ok=
Specifies the 'git-daemon-export-ok' file location.
--receive-pack=
Path to git-receive-pack executable. Defaults to git-receive-pack.
--upload-pack=
Path to git-upload-pack executable. Defaults to git-upload-pack.
--pid-file=
Write the process ID to the specified file.
--syslog
Log to syslog.
--user=
Run as the specified user.
--group=
Run as the specified group.
--umask=
Set the umask for new files.
--max-connections=
Limit the number of concurrent connections.
--max-threads=
Limit the number of threads.
--timeout=
Set the timeout for idle connections in seconds.
--reuseaddr
Enable SO_REUSEADDR socket option.
--strict-paths
Only allow access to explicitly exported repositories.
--enable=
Enable a specific service (e.g., upload-pack, receive-pack).
--disable=
Disable a specific service.
--init-timeout=
Set the initial connection timeout in seconds.
--max-cache-size=
Set the maximum cache size.
--stat-ctime
Use ctime for stat information
--informative-errors
Return more verbose error message strings to clients.
--tcp-window-size=
Use specified TCP window size.
[
Serve repositories from the specified directory. If omitted, the current directory is used.
DESCRIPTION
git-daemon is a simple Git server that provides unauthenticated read-only access to Git repositories.
It is typically used for serving public Git repositories without requiring users to have accounts on the server.
git-daemon listens on a specified port (default is 9418) and handles requests from Git clients like git clone, git fetch, and git pull.
It can serve multiple repositories concurrently and supports various options to control access, logging, and security. It is designed to be lightweight and efficient, suitable for serving a large number of repositories to many clients.
It's crucial to configure git-daemon securely, especially when serving private repositories (even with limited read only access).
Consider access restrictions and proper firewalls if you are not sure about exposing data to outside world.
CAVEATS
It's strongly recommended to run git-daemon with appropriate access controls and behind a firewall, especially when serving private repositories. Ensure that repositories are explicitly marked for export using 'git update-server-info' or by creating a 'git-daemon-export-ok' file in the repository's root.
SECURITY CONSIDERATIONS
Never expose git-daemon directly to the internet without proper security measures.
Use firewalls, restrict access based on IP addresses, and carefully configure the available services. Always verify repositories are meant to be public via the 'git-daemon-export-ok' file.
INETD CONFIGURATION
When running under inetd, use the '--inetd' option. Configure inetd to invoke git-daemon with the appropriate user and arguments. Example snippet:
git stream tcp nowait nobody /usr/bin/git daemon --inetd --export-all --base-path=/path/to/repos
EXPORTING REPOSITORIES
To allow a repository to be served by git-daemon, create a file named 'git-daemon-export-ok' in the repository's root directory. This file acts as an explicit confirmation that the repository is intended to be publicly accessible.
Alternatively, use 'git update-server-info'.
HISTORY
The git-daemon command has been part of Git since its early days, designed as a simple way to serve repositories over the Git protocol.
It has evolved with added features for security and performance, but its core purpose remains the same: to provide an easy and efficient read-only Git server.
SEE ALSO
git(1), git-clone(1), git-fetch(1), git-pull(1), git-update-server-info(1)