Re: git dangerous operations on alioth

To: debian-devel@lists.debian.org
Subject: Re: git dangerous operations on alioth
From: Tollef Fog Heen <tfheen@err.no>
Date: Thu, 28 Feb 2013 10:45:35 +0100
Message-id: <[🔎] 874ngw7ow0.fsf@qurzaw.varnish-software.com>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 512F25CE.6060501@pocock.com.au> (Daniel Pocock's message of "Thu, 28 Feb 2013 10:39:26 +0100")
References: <[🔎] 512F25CE.6060501@pocock.com.au>

]] Daniel Pocock 

> Has anybody had experience controlling access to git repositories, for
> example, to give users access but prevent some of the following
> dangerous operations?
>
> - prevent users pushing with the `--force' option
> (from the man page for git-push: "This can cause the remote repository
> to lose commits; use it with care.")

You can enable denyFastForward in the config and enable reflogs, that
should help with this.

> - ensure that users only push commits authored by themselves (email
> address white list)

A hook should be able to do this.

> - prevent some users pushing tags (or only allow tags matching a pattern)

You can do this with a hook as well.

I'm using gitano (not packaged) for this on my own setup, it has a set
of ACLs that gets run.  I think gitolite is able to do it as well, so
maybe take a look at whether that does what you want?

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are

Reply to:

Follow-Ups:
- Re: git dangerous operations on alioth
  - From: Andrey Rahmatullin <wrar@wrar.name>

References:
- git dangerous operations on alioth
  - From: Daniel Pocock <daniel@pocock.com.au>

Prev by Date: git dangerous operations on alioth
Next by Date: Re: git dangerous operations on alioth
Previous by thread: git dangerous operations on alioth
Next by thread: Re: git dangerous operations on alioth
Index(es):
- Date
- Thread