使用 gitolite 拒绝读取特定存储库分支

发布于 2024-10-11 18:42:11 字数 295 浏览 9 评论 0原文

我想要实现的目标如下: 同事在@coworkers组中, 客户位于@clients 组中。

Git 存储库应可供所有人读写,但应有特殊分支。 即我创建一个新分支“实习生”,@coworkers 应具有 RW+ 访问权限,但客户端不应该能够 R 或 W。

我以为我可以通过以下方式实现这一目标,

repo myrepo
    -    intern    = @clients
    RW+            = @clients @coworkers

但这不起作用。

What I'm trying to achieve is the following:
coworkers are in group @coworkers,
clients are in group @clients.

The Git repo shall be available to read and write for everyone, but there shall be special branches.
i.e. I create a new branch "intern" and @coworkers shall have RW+ acces, but clients should NOT be able to R or W.

I thought i can achieve that by

repo myrepo
    -    intern    = @clients
    RW+            = @clients @coworkers

But this does not work.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

太阳男子 2024-10-18 18:42:11

根据与 gitolite 作者的讨论,请阅读分支机构无法进行访问限制:

Gitolite 的每分支内容仅适用于写访问。它
不适用于读取访问,因为 git 本身不
支持做出这种区分。

According to a discussion with the author of gitolite, read access restriction is not possible for branches:

Gitolite's per-branch stuff works only for write access. It
doesn't work for read access because git itself does not
support making that distinction.

苹果你个爱泡泡 2024-10-18 18:42:11

现在可以使用 gitolite 的部分复制功能

  1. 请务必使用最新的 gitolite 版本,
  2. 取消注释 ~/. gitolite.rc 文件
  3. $GIT_CONFIG_KEYS = '.*' 在 ~/.gitolite.rc 文件中
  4. 使用部分复制选项拥有另一个存储库,该存储库是原始存储库的副本,但没有一些分支。

示例:如果您希望客户端只能访问 deploy 分支(

repo    my-repo
    RW+     =   @coworkers

repo    my-repo-deploy
    RW  deploy  =   @clients
    -           =   @clients

    -   VREF/partial-copy           =   @all
    config gitolite.partialCopyOf   =   my-repo

如果 git 抱怨它无法删除 master 分支),您可以在服务器上使用此命令:

sudo git config --system receive.denyDeleteCurrent warn
sudo git config --global receive.denyDeleteCurrent warn

客户端现在可以克隆以下版本的部署分支: my-repo-deploy 存储库,使用如下命令:

git clone -b deploy git@your-server:my-repo-deploy

It is now possible to restrict read access to gitolite branches with the latest version of gitolite v3.x using the partial-copy feature of gitolite

  1. Be sure to use the latest gitolite version
  2. uncomment the partial-copy line in the ENABLE section of the ~/.gitolite.rc file
  3. set $GIT_CONFIG_KEYS = '.*' in the ~/.gitolite.rc file
  4. Use the partial-copy option to have another repository which is a copy of your original repository but without some branches.

Example: if you want the client to only have access to the deploy branch

repo    my-repo
    RW+     =   @coworkers

repo    my-repo-deploy
    RW  deploy  =   @clients
    -           =   @clients

    -   VREF/partial-copy           =   @all
    config gitolite.partialCopyOf   =   my-repo

if git complain that it cannot delete the master branch you can use this command on the server:

sudo git config --system receive.denyDeleteCurrent warn
sudo git config --global receive.denyDeleteCurrent warn

The clients can now clone the deploy branch of the my-repo-deploy repository with a command like this:

git clone -b deploy git@your-server:my-repo-deploy
泪是无色的血 2024-10-18 18:42:11

我不是 gitolite 专家,但我认为规则是按顺序处理的。您是否尝试过简单地反转最后两行?也就是说,首先向@clients和@coworkers授予权限,然后再拒绝@clients对intern的访问。

I'm not a gitolite expert, but I think the rules are processed in order. Have you tried simply reversing the last two lines? That is, grant permission to @clients and @coworkers first, and then secondly deny access to intern by @clients.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文