Git identity management for shared lab computers. Forces users to identify themselves before committing or pushing, preventing accidental commits under the wrong name. Works in both terminals and IDEs.
- Shell integration adds
git identify,git whoami,git logout, etc. These set environment variables and write a session file (~/.labgit-session). - Git hooks (
pre-commit,pre-push) check for a valid identity before allowing the operation. Apost-commithook refreshes the session timer. - Session timeout expires the identity after 8 hours of inactivity (i.e.
8 hours since the last commit or
git identify).
No PATH manipulation or binary wrapping required. IDEs call the real git binary as normal; the hooks enforce identity at the point that matters.
- Copy the
labgit/directory somewhere on the shared machine:
sudo cp -r labgit /opt/labgit
sudo chmod +x /opt/labgit/labgit-install.sh- Install hooks globally (recommended for a lab machine):
/opt/labgit/labgit-install.sh --globalThis sets core.hooksPath so every repo on the machine uses the labgit hooks.
To install into a single repo instead:
/opt/labgit/labgit-install.sh /path/to/repo- Add to the shared
~/.zshrc(or~/.bashrc):
source /opt/labgit/labgit-shell-integration.sh- Edit
/opt/labgit/labgit-users.confwith your lab members, or usegit add-user:
git add-user chris "Chris Betters" chris.betters@sydney.edu.au ~/.ssh/id_ed25519_chris
git add-user barnaby "Barnaby Norris" barnaby.norris@sydney.edu.au ~/.ssh/id_ed25519_barnaby# Start of session
git identify barnaby
# Check who you are (includes remaining session time)
git whoami
# Work normally
git add .
git commit -m "updated alignment script"
git push
# End of session
git logoutThe hooks block:
git commit(pre-commit hook)git push(pre-push hook)
Everything else (status, log, diff, checkout, etc.) is unblocked. This is intentional -- read-only operations are harmless, and the commit is where identity actually matters.
The post-commit hook refreshes the session timer, so active work keeps the session alive.
Sessions expire after 8 hours of inactivity by default. "Inactivity" means
time since the last git identify, git renew, or successful commit.
To change the timeout, set LABGIT_TIMEOUT (in seconds) before sourcing:
export LABGIT_TIMEOUT=14400 # 4 hours
source /opt/labgit/labgit-shell-integration.shUseful values: 4h = 14400, 8h = 28800 (default), 12h = 43200.
To manually refresh without re-identifying:
git renewIDEs (VS Code, PyCharm, etc.) call the git binary directly, but the hooks
still run. The hooks read ~/.labgit-session to check identity, so the
workflow is:
- Open a terminal (IDE's integrated terminal is fine)
- Run
git identify barnaby - Use the IDE's git features normally
If the session has expired, commits and pushes from the IDE will fail with a clear error message telling the user to re-identify.
Each user should generate their own key pair:
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_barnaby -C "barnaby.norris@sydney.edu.au"Add the public key to their GitHub/GitLab account. The key path in
labgit-users.conf is used automatically when that user identifies.
labgit/
labgit-shell-integration.sh # source in .zshrc -- adds git subcommands
labgit-install.sh # installs hooks (global or per-repo)
labgit-users.conf # user database
hooks/
pre-commit # blocks commits without identity
post-commit # refreshes session timer
pre-push # blocks pushes without identity
LABGIT_CONF-- path to user config (default: next to shell integration script)LABGIT_TIMEOUT-- session timeout in seconds (default: 28800 / 8 hours)
- Global
git user.nameanduser.emailare automatically unset on shell startup to prevent fallback. - The session file is
chmod 600, but since everyone shares the same OS account this is informational rather than a security boundary. - If a repo has its own hooks that you want to keep, use per-repo install
and chain the existing hooks, or use a hook manager like
pre-commit.