2. Git Basics
7. Git Tools
10. Git Internals
A3. Git Commands
4.5 Git on the Server - Git Daemon
Next we’ll set up a daemon serving repositories over the “Git” protocol. This is common choice for fast, unauthenticated access to your Git data. Remember that since it’s not an authenticated service, anything you serve over this protocol is public within its network.
If you’re running this on a server outside your firewall, it should only be used for projects that are publicly visible to the world. If the server you’re running it on is inside your firewall, you might use it for projects that a large number of people or computers (continuous integration or build servers) have read-only access to, when you don’t want to have to add an SSH key for each.
$git daemon --reuseaddr --base-path
--reuseaddr allows the server to restart without waiting for old connections to time out, the
--base-path option allows people to clone projects without specifying the entire path, and the path at the end tells the Git daemon where to look for repositories to export.
If you’re running a firewall, you’ll also need to punch a hole in it at port 9418 on the box you’re setting this up on.
You can daemonize this process a number of ways, depending on the operating system you’re running. On an Ubuntu machine, you can use an Upstart script. So, in the following file
you put this script:
start on startup
stop on shutdown
exec /usr/bin/git daemon \
--user=git --group=git \
For security reasons, it is strongly encouraged to have this daemon run as a user with read-only permissions to the repositories – you can easily do this by creating a new user git-ro and running the daemon as them.
For the sake of simplicity we’ll simply run it as the same git user that
git-shell is running as.
When you restart your machine, your Git daemon will start automatically and respawn if it goes down. To get it running without having to reboot, you can run this:
$initctl start local-git-daemon
On other systems, you may want to use
xinetd, a script in your
sysvinit system, or something else – as long as you get that command daemonized and watched somehow.
Next, you have to tell Git which repositories to allow unauthenticated Git server-based access to.
You can do this in each repository by creating a file named
The presence of that file tells Git that it’s OK to serve this project without authentication.