[sr-dev] [OT] How does SR Git repository handle access permissions?
Iñaki Baz Castillo
ibc at aliax.net
Fri Oct 16 01:26:21 CEST 2009
El Jueves, 15 de Octubre de 2009, Andrei Pelinescu-Onciul escribió:
> On Oct 14, 2009 at 16:46, I??aki Baz Castillo <ibc at aliax.net> wrote:
> > Hi, sorry for this off-topic.
> >
> > I'm starting with Git (yeah!) and creating a repository in my server to
> > manage various projects.
> >
> > I'm learning about Git and access control (users, permissions,
> > authorization per repository and so).
> >
> > How is this stuff implemented in SR Git repository? does it use Gitosis?
> > If not, how is managed the permissions?
>
> No, it doesn't use gitosis.
> All devels have an account on the machine with git-shell as a shell
> which enables them restricted ssh access (only 4 git commands).
> Each user has his name and email address set up as an env var
> (e.g. GIT_COMMITTER_EMAIL="andrei at iptel.org").
> The permissions are based on the group.
> (I might have missed something, Jan did all the work)
>
> The branch permissions are based on a modified update hook
> (I don't remember where the original version came from, but now its
> "merged" also with
> http://www.kernel.org/pub/software/scm/git/docs/howto/update-hook-example.t
> xt). It uses a permissions file with the following format:
> branch_pattern user_pattern_list
>
> where all the patterns are REs, e.g.:
> refs/heads/master$ .*
> (everybody can commit on master).
Thanks a lot for the explanation Andrei. Anyhow I've already my setup working
with Gitosis (which makes easy the management of repositories, users and
permissions), but it's nice to know new concepts as "git-shell" :)
Regards.
--
Iñaki Baz Castillo <ibc at aliax.net>
More information about the sr-dev
mailing list