当前位置: 文江博客话题详情

gitolite:允许仅更改选定的文件

发布于 2024-09-08 20:02:13 字数 569 浏览 3 评论 0原文

如何配置 git 和 gitolite 以允许特定用户仅更改特定目录内的文件?

例如,原始主分支中的文件:

/dir1/
/dir2/file1
/dir2/file2
/dir3/file1

用户kathrine,仅允许更改/dir2/file1/dir2/file2

$kathrine: git clone [email protected]:test.git

结果:

/dir2/file1
/dir2/file2

是否有任何gitolite.conf 中的 per-dir 指令还是我应该为该用户配置 git 使用新分支?

我只是不希望图形设计师能够访问源代码文件。

原文

How to configure git and gitolite to allow specific user to change just files that are inside specific directory?

e.g. files in origin master branch:

/dir1/
/dir2/file1
/dir2/file2
/dir3/file1

User kathrine, allow to change only /dir2/file1 and /dir2/file2

$kathrine: git clone [email protected]:test.git

results in:

/dir2/file1
/dir2/file2

Are there any per-dir directives in gitolite.conf or shall I configure git with new branch for this user?

I just don't want graphics designer to have access to the source code files.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

身边 2024-09-15 20:02:13

2010:对于 Gitolite 2(对于 gitolite 3 可能已更改)

否(意味着需要创建具有正确内容的专用分支)。

正如gitolite 的作者本人所说的

我是一个名为 gitolite 的项目的作者,该项目在中央服务器上的多个 git 存储库的分支级访问控制方面做得非常出色。
我的目标“市场”正是git的企业用户。

到目前为止,我还没有看到需要将读取访问限制为存储库的情况(无论如何 git 都无法做到这一点)。

[嗯稀疏结帐可能会有所帮助,但无论如何都不容易)

写访问通常需要受到限制,gitolite 可以让您限制:

  • 均按分支名称(例如,只有 QA 负责人才能将提交系列推送到“QA-done”分支)
  • 或按文件名(例如,只有团队负责人可以更改 src/very-important-and-ritic-module 中的 Makefile 和文件)。

请参阅“安全、访问控制部分,和审核”,这里是访问的示例:

conf/example.conf 文件 包含所有详细语法:

repo foo
        RW+ = lead_dev # rule 1
        RW = dev1 dev2 dev3 dev4 # rule 2

        RW NAME/ = lead_dev # rule 3
        RW NAME/doc/ = dev1 dev2 # rule 4
        RW NAME/src/ = dev1 dev2 dev3 dev4 # rule 5

每个被推送的提交所触及的文件都会根据这些规则进行检查。

  • lead_dev 可以将更改推送到任何文件,
  • dev1/2 可以推送对“doc/”和“src/”中文件的更改(但不能推送顶层 README) ,
  • 和 dev3/4 只能将更改推送到“src/”中的文件。

话虽如此,正如OP所说,棘手的问题仍然存在:

如何创建仅包含某些选定文件的新分支,并删除以前的提交,以便图形设计师无法访问它们,并且在克隆后只能看到选定的文件?

一般原则:

在这些文件不存在的历史时刻创建“graph_designer”分支

从那里,有两个选择:

  • 要么重新组织当前的提交(git rebase --interactive),以便第一个只有 dir2 文件(然后提交影响任何其他目录)
  • 或者,如果第一个选择代表太多工作(或者不可能,因为这些提交已在其他存储库中推送和拉取),只需在该新分支中复制并添加相关文件即可。
    这意味着,这些文件没有过去的历史记录,但它们可能从一开始就不需要该历史记录。

该“graph_designer”将是唯一允许克隆的分支,并且不会包含任何未经授权文件的历史记录。

2010: For Gitolite 2 (might have changed for gitolite 3)

No (meaning a dedicated branch with the right content needs to be created).

As the author of gitolite himself put it:

I am the author of a project called gitolite that does an excellent job of branch-level access control for multiple git repositories on a central server.
My target "market" is precisely corporate users of git.

So far, I have not seen a situation where read-access needs to be restricted to ortions of a repo (git can't do that anyway).

[well sparse checkout might help, but it is not easy anyway)

Write-access does often need to be restricted, and gitolite can let you restrict:

  • both by branch name (e.g. only the QA lead can push a commit series into the "QA-done" branch)
  • or by filename (e.g., only the team lead can make changes to the Makefile and files in src/very-important-and-critical-module).

See the section "security, access control, and auditing", and here is an example of write access:

The conf/example.conf file has all the detailed syntax:

repo foo
        RW+ = lead_dev # rule 1
        RW = dev1 dev2 dev3 dev4 # rule 2

        RW NAME/ = lead_dev # rule 3
        RW NAME/doc/ = dev1 dev2 # rule 4
        RW NAME/src/ = dev1 dev2 dev3 dev4 # rule 5

each file touched by the commits being pushed is checked against those rules.

  • lead_dev can push changes to any files,
  • dev1/2 can push changes to files in "doc/" and "src/" (but not the top level README),
  • and dev3/4 can only push changes to files in "src/".

That being said, the tough question remains, as the OP puts it:

how do I create new branch witch some selected files only, and delete the previous commits, so the graphic designer could not access them, and see only the selected ones after the clone?

General principle:

create 'graph_designer' branch at a point in history where those files weren't present.

From there, two choices:

  • either reorganize your current commits (git rebase --interactive) in order to have first the one with only dir2 files (and then commits impacting any other directory)
  • or, if the first choice represents too much work (or isn't possible because those commits have already been pushed and pulled in other repos), simply copy and add the relevant files in that new branch.
    That means, no past history for those files, but they might not need that history right from the beginning.

That 'graph_designer' will be the only branch allowed to be cloned, and won't contain any history with non-authorized files.

回复 原文
~没有更多了~

关于作者

梦魇绽荼蘼

暂无简介

0 文章
0 评论
21 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

不再见

文章 0 评论 0

真是无聊啊

文章 0 评论 0

樱娆

文章 0 评论 0

浅语花开

文章 0 评论 0

烛光

文章 0 评论 0

绻影浮沉

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文