git 如何阻止推送到远程主分支
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/19021978/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to block push to master branch on remote
提问by Mitul
Is there any way to block code push directly to master? I tried adding a script in .git/hooks/update:
有什么办法可以阻止代码直接推送给master?我尝试在.git/hooks/update以下位置添加脚本:
#!/bin/sh
if [ $USER != "git-repo-admin" ];
then
if [ "" == refs/heads/master ];
then
echo "Manual pushing to this repo is restricted"
exit 1
fi
fi
But this doesn't work - Everybody can still push. I want to allow only specific users to push to master and block others.
但这不起作用 - 每个人仍然可以推动。我只想允许特定用户推送以掌握并阻止其他用户。
采纳答案by Mitul
The original script was perfect, I just needed to rename it from .git/hooks/update.sampleto .git/hooks/updateon the remote server and make sure it's executable.
原始脚本是完美的,我只需要在远程服务器上将它从 重命名.git/hooks/update.sample为.git/hooks/update并确保它是可执行的。
#!/bin/sh
if [ $USER != "git-repo-admin" ];
then
if [ "" == refs/heads/master ];
then
echo "Manual pushing to this repo is restricted"
exit 1
fi
fi
回答by VonC
Using git hooks to control access might be useful as a once-off hack but can be a slippery slope leading to a hard-to-maintain git server configuration.
使用 git hooks 来控制访问可能作为一次性黑客有用,但可能会导致难以维护的 git 服务器配置。
Thus, I would recommend setting up gitolite, which is precisely done for this kind of access control.
It manages bare repos(which are good for pushing).
因此,我建议设置gitolite,这正是为这种访问控制完成的。
它管理裸仓库(有利于推送)。
You can find an example of preventing a push in a branch in "Gitolite permissions on branches":
您可以在“分支的Gitolite 权限”中找到防止分支推送的示例:
repo @project
RW+ = @git-repo-admin
R master = @developers
- master = @developers
RW+ = @developers
Gitolite can rely on ssh for the authentication part, and automate the public key registration process.
Gitolite 可以依靠 ssh 进行身份验证,并自动化公钥注册过程。
But without Gitolite, you still can protect read/write access to a Git repo using ssh only, as described in "Git on the Server - Setting Up the Server" of the Pro Git Book(as mentioned by Anthony Geogheganin the comments)
但是如果没有 Gitolite,您仍然可以仅使用 ssh 保护对 Git 存储库的读/写访问,如Pro Git Book 的“服务器上的 Git - 设置服务器”中所述(如Anthony Geoghegan在评论中所述)
As an extra precaution, you can easily restrict the 'git' user to only doing Git activities with a limited shell tool called
git-shellthat comes with Git.
If you set this as your 'git' user's login shell, then the 'git' user can't have normal shell access to your server. To use this, specifygit-shellinstead ofbashorcshfor your user's login shell. To do so, you'll likely have to edit your/etc/passwdfile.
作为额外的预防措施,您可以轻松地将“git”用户限制为仅使用 Git 附带的有限 shell 工具进行 Git 活动
git-shell。
如果您将其设置为“git”用户的登录 shell,则“git”用户无法对您的服务器进行正常的 shell 访问。要使用它,请为您的用户的登录 shell指定git-shell代替bash或csh。为此,您可能需要编辑/etc/passwd文件。
回答by pravs
You can go to repo settings -> Branches
您可以转到回购设置-> 分支
Git asks which branch you want to protect
Git 询问你想保护哪个分支
