请帮助我了解gitolite用户 [英] please help me understand gitolite users
问题描述
出于某种原因,我的gitolite没有带有示例配置文件,我似乎无法在任何地方找到,我确信如果有人可以找到我的副本,请在该文件中回答此问题! p>
无论如何,gitolite配置文件的格式非常简单,下面是我的一个简短的代码
gitolite conf
#有关语法和功能的详细信息,请参阅doc / gitolite.conf.mkd
@nmscDevs = dev1@compaid.com dev2@compaid.com dev3 @ compaid.com
@buildMgr = william_slepecki@compaid.com dev4@compaid.com
回购gitolite-admin
RW + = gitadmin william_slepecki@compaid.com
repo grindstone
RW + = gitadmin
RW + prod $ = @buildMgr
- prod $ = @nmscDevs
RW = @nmscDevs
我的keydir文件夹中有几个公钥:
keydir /
gitadmin.pub
william_slepecki@compaid.com.pub
我的问题是gitolite似乎忽略了设置给个人用户的权限。除非我给gitadmin用户完全控制权,否则没有什么可以在存储库上工作(读取,写入等)。然后,似乎每个人都使用gitadmin用户的权限。我克隆这样的回购
git clone git @ server:grindstone.git
但是当我尝试克隆这样的东西时
git clone'dev1 @ compaid.com'@ server:grindstone.git
密码。每个用户都需要在服务器上拥有一个帐户,以便他们可以进入SSH?
权限在gitolite中的工作原理如何?我导致了解,git用户需要一个帐户ssh进入服务器,然后一旦gitolite接管它使用与git请求一起传递的电子邮件来确定权限,我在这里错了吗?我缺少什么?
顺便提一下,这是我的.ssh / config
主机服务器
用户git
主机名服务器
标识文件〜/ .ssh / gitadmin
主机服务器
用户william_slepecki@compaid.com
主机名服务器
身份文件〜/ .ssh / id_rsa
更新:
I已经升级到gitolite的最新版本,当我尝试做一个克隆我得到这个$ git clone git @ server: testing.git
克隆到'测试'中...
致命错误:R任何测试gitadmin被fallthru
拒绝(或者你误拼了reponame)
致命:远程端
我的配置文件现在看起来像这样:
回购测试
RW + = william_slepecki
和我的.ssh配置不变。此外,我在我的日志中有这个
2012-05-08.13:01:13 19027 ssh ARGV = gitadmin SOC = git -upload-pack'testing.git'FROM = 10.99.5.146
2012-05-08.13:01:13 19027 access(testing,gitadmin,R,'any'), - > R任何测试gitadmin拒绝fallthru
2012-05-08.13:01:13 19027 trigger,Writable,access_1,ACCESS_1,testing,gitadmin,R,any,R任何测试gitadmin由fallthru
DENIED code>这里是我的全局git配置的顶级剪辑
[user]
name = Willie Slepecki
email = william_slepecki@compaid.com
为什么在这个世界上,这仍然坚持gitadmin在回购,为什么它不使用william_slepecki?那么到底是什么名字使用?
解决方案好吧,我的问题有好几倍。
首先,我误解了gitadmin键的作用。我认为,因为这是唯一一个在服务器上拥有实际帐户的用户,它需要在所有开发人员工作站上运行。事实证明这是错误的。 gitolite接受keydir目录中的密钥,并在推送时将它们添加到git / .ssh / authenticated_keys文件中。这允许keydir中的所有键作为用户在机器上的git登录。因为git用户没有与之关联的控制台,所以没有任何安全漏洞。第二,我的〜/ .ssh / conf文件。因为我不明白#1是如何工作的,所以我认为git以某种方式将用户名作为git命令的一部分传递给了电子邮件地址。一旦我找到了#1,我能够清理配置文件来映射git @ server用户,并使用我的正常工作。
一旦这两个问题是理解和解决,所有权限开始正确工作。我现在已经替换了服务器上的gitadmin用户密钥,以使开发者工作站上的用户密钥无效并更新了我的所有开发人员配置。管理层再次感到高兴。
感谢所有人。
For some reason my gitolite didn't come with a sample config file and i can't seem to find one anywhere, im sure this question is answered in that file if someone can find me a copy, please!!
Anyways, the format of the gitolite config file is simple enough, here's a snip from mine
gitolite conf # please see doc/gitolite.conf.mkd for details on syntax and features @nmscDevs = dev1@compaid.com dev2@compaid.com dev3@compaid.com @buildMgr = william_slepecki@compaid.com dev4@compaid.com repo gitolite-admin RW+ = gitadmin william_slepecki@compaid.com repo grindstone RW+ = gitadmin RW+ prod$ = @buildMgr - prod$ = @nmscDevs RW = @nmscDevsI have several public keys in my keydir folder:
keydir/ gitadmin.pub william_slepecki@compaid.com.pubMy problem is gitolite seems to be ignoring the permissions set to the individual users. nothing works on a repository (reads, writes, etc) unless i give the gitadmin user full control. Then it seems that everyone uses the permissions of the gitadmin user. I clone the repos like this
git clone git@server:grindstone.gitbut when i try to clone with something like this
git clone 'dev1@compaid.com'@server:grindstone.gitIm prompted with a password. does each individual user need to have an account on the server so they can ssh into it?
How exactly do the permissions work in gitolite? I was lead to understand that the git user needs an account to ssh into the server, then once gitolite takes over it uses the email that is passed along with the git request to determine permissions, am I wrong here? what am i missing?
BTW, here's my .ssh/config
host server user git hostname server identityfile ~/.ssh/gitadmin host server user william_slepecki@compaid.com hostname server identityfile ~/.ssh/id_rsaUpdate: I have upgraded to the latest version of gitolite, when i try to do a clone i get this
$ git clone git@server:testing.git Cloning into 'testing'... FATAL: R any testing gitadmin DENIED by fallthru (or you mis-spelled the reponame) fatal: The remote end hung up unexpectedlymy config file now looks like this:
repo testing RW+ = william_slepeckiand my .ssh config is unchanged. in addition, i have this in my log
2012-05-08.13:01:13 19027 ssh ARGV=gitadmin SOC=git-upload-pack 'testing.git' FROM=10.99.5.146 2012-05-08.13:01:13 19027 access(testing, gitadmin, R, 'any'),-> R any testing gitadmin DENIED by fallthru 2012-05-08.13:01:13 19027 trigger,Writable,access_1,ACCESS_1,testing,gitadmin,R,any,R any testing gitadmin DENIED by fallthruand here is the top snip of my global git config
[user] name = Willie Slepecki email = william_slepecki@compaid.comwhy in the world is this still insisting that gitadmin be on the repo and why is it not using william_slepecki? where exactly does this get the name to use?
解决方案Well, my problem was several fold.
First, i misunderstood the role of the gitadmin key. i thought that since that is the only user that has an actual account on the server that it needed to be on all the developers workstations. Turns out that was wrong. gitolite takes the keys in the keydir directory and adds them to the git/.ssh/authenticated_keys file on a push. This allows all the keys in the keydir to login as the user git on the machine. Since the git user does not have a console associated with it, there is no security hole.
Second, my ~/.ssh/conf file. Since i didn't understand how #1 worked, I thought git was passing the email address somehow as the username as part of the git commands. Once I figured out #1, i was able to clean the config file to map the git@server user and use my normal for everything else.
Once those two issues were understood and worked out, all permissions started working correctly. I have now replaced the gitadmin user key on the server to invalidate the ones on developers stations and updated all my developers configs. Management is happy again.
thanks everyone.
这篇关于请帮助我了解gitolite用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
