How to make a git repository read-only?


Problem description


I have some git repositories accessed remotely through SSH and I want to make some of them read-only to prevent more pushes. Some people have remotes pointing to these repositories.

These bare repositories were initialised --shared=group, so is setting file permissions to 660 for all files good enough to still allow SSH access, but disallow writes? Or is there an easier way?

Cheers.

Solution

There is more than one possible way to do this.

• If your users each have a shell account (perhaps limited), and each of them accesses git repositories via their own account, you can use filesystem permissions to control SSH access to git repositories. On Unix those would be write permissions on directories, perhaps with the help of creating a group and specific permissions for a group (with "sticky group ID" set).

• Pushing requires git-receive-pack to be in the $PATH of the user, and be executable for them... although I am not sure how feasible this approach would be.

• You can use an update or pre-receive hook to do access control to the repository, for example using the update-paranoid example hook from contrib/hooks in the git sources.

• With a larger number of users you could be better off using a tool to manage access to git repositories, like Gitosis (in Python, requires setuptools) or Gitolite (in Perl).

• For read-only access you can set up git daemon to provide read-only anonymous (and unauthenticated) access via the git:// protocol, instead of access via the SSH protocol.

  See documentation for the url.<base>.insteadOf config variable for a way to ease the transition from SSH to GIT protocol.

See also Chapter 4. "Git on the Server" of the Pro Git book by Scott Chacon (CC-BY-NC-SA licensed).
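
One way to implement the pre-receive hook approach mentioned in the answer, as an added example (it is not from the original answer and is not the update-paranoid hook from git's contrib/hooks). The marker file name `read-only` and the function names `is_zero` and `check_push` are assumptions of this example.

```shell
#!/bin/sh
# pre-receive hook (added example): refuse every push while a marker file exists.
# Install as hooks/pre-receive in the bare repository and make it executable.
# The marker name "read-only" is an assumption of this example, not a git convention.

# is_zero HASH -> true when HASH is the all-zero object id git uses for
# "no object" (40 hex digits for SHA-1, 64 for SHA-256 repositories).
is_zero() {
    [ -n "$1" ] && [ -z "$(printf '%s' "$1" | tr -d '0')" ]
}

# check_push GIT_DIR
# Reads "<old> <new> <ref>" lines on stdin, as git feeds them to pre-receive.
# Returns 0 to accept the push, 1 to reject it as a whole.
check_push() {
    marker="$1/read-only"
    [ -e "$marker" ] || return 0        # no marker: repository is writable

    rejected=0
    while read -r old new ref; do
        [ -n "$ref" ] || continue
        if is_zero "$old"; then kind="create"
        elif is_zero "$new"; then kind="delete"
        else kind="update"
        fi
        # Hook output is relayed to the client that is pushing.
        echo "rejected $kind of $ref: repository is read-only" >&2
        rejected=$((rejected + 1))
    done
    # A push with no ref lines has nothing to reject.
    [ "$rejected" -eq 0 ]
}

# Run only when invoked under the hook's name, so the functions can also be
# sourced and exercised without side effects.
case "${0##*/}" in
    pre-receive)
        # git normally exports GIT_DIR to hooks and runs them with the bare
        # repository as working directory; fall back to "." if it is unset.
        check_push "${GIT_DIR:-.}"
        exit $?
        ;;
esac
```

Creating the marker file in the bare repository switches it to read-only for pushes, and removing it restores write access, without touching file permissions or existing remotes.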
