Geek Answers Handbook

Gitolite: allows you to modify only selected files

How to configure git and gitolite to allow a specific user to modify only files inside a specific directory?

eg. files in the source source branch:

/dir1/ /dir2/file1 /dir2/file2 /dir3/file1

User kathrine , allow only /dir2/file1 and /dir2/file2 to be modified

 $kathrine: git clone git@example.com :test.git

leads to:

 /dir2/file1 /dir2/file2

Are there any per-dir directives in gitolite.conf or do I need to configure git with a new branch for this user?

I just don't want the graphic designer to have access to the source code files.

+6
git gitolite
source share
1 answer

2010: for githolite 2 (possibly for githolite 3)

No (means that it is necessary to create a dedicated branch with the desired content).

As the author of the githolite himself laid it :

I am the author of a project called gitolite that does a great job of branch-level access control for several git repositories on a central server. My target "market" is for sure corporate users of git.

So far I have not seen a situation where read access should be limited to ortions of repo (git cannot do this).

[well a rare check may help, but it's still not easy)

Recording access often needs to be limited, and gitolit may allow you to limit:

  • as by the name of the branch (for example, only the QA wire can push a series of fixations into the "QA-done" branch).
  • or by file name (for example, only a command can make changes to the Makefile and files in src/very-important-and-critical-module ).

See the “ Security, Access Control, and Auditing ” section, and here is an example of write access:

conf/example.conf file contains all the detailed syntax:

 repo foo RW+ = lead_dev # rule 1 RW = dev1 dev2 dev3 dev4 # rule 2 RW NAME/ = lead_dev # rule 3 RW NAME/doc/ = dev1 dev2 # rule 4 RW NAME/src/ = dev1 dev2 dev3 dev4 # rule 5

each file affected by marked commits is checked for compliance with these rules.

  • Lead_dev can make changes to any files,
  • dev1 / 2 can make changes to files in " doc/ " and " src/ " (but not at the top level of README ),
  • and dev3 / 4 can only make changes to files in " src/ ".

Speaking about this, the tough question remains, how does the OP do it:

how can I create a new branch for only some selected files and delete previous commits so that the graphic designer cannot access them and see only the selected ones after cloning?

General principle:

create the 'graph_designer' branch at the point in history where these files were not present .

From there are two options:

  • or reorganize your current commits ( git rebase --interactive ) to have a file with only dir2 files first (and then it affects any other directory)
  • or if the first choice is too much work (or this is not possible because these commits have already been pushed and pulled in other repositories), just copy and add the appropriate files to this new branch.
    This means that there was no past history for these files, but they may not need this story from the very beginning.

That ' graph_designer ' will be the only branch allowed for cloning and will not contain a history with unauthorized files.

+4
source share

More articles:


All Articles