授予对 git 存储库的只读访问权限
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3908528/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Give Read-only access to a git repository
提问by Leif Andersen
I'm not sure if this should go here, or on superuser (as it seems to pertain to both topics), so I've put it here, if it's not appropriate, I'll go ask it on superuser.
我不确定这应该放在这里,还是在超级用户上(因为它似乎与这两个主题都有关),所以我把它放在这里,如果不合适,我会在超级用户上询问。
Anyway, I have a git repository that can't go completely open source (otherwise I would just put it on github and be done with it), and I have a server that I have ssh access (but not superuser access) to, this server has all of the git binaries already on it. I need to give someone read-only access to this git-repo (or at least read-only access to some of the branches, although I would imagine that's a lot harder).
无论如何,我有一个不能完全开源的 git 存储库(否则我会把它放在 github 上并完成它),并且我有一个服务器,我有 ssh 访问权限(但不是超级用户访问权限),这服务器上已经有所有的 git 二进制文件。我需要授予某人对此 git-repo 的只读访问权限(或至少对某些分支的只读访问权限,尽管我认为这要困难得多)。
Currently I'm using ssh to push and poll my local git repo to this server. Is there any way to give another person read only access to the server? (I suppose I am fine with us both having write access to the repo, although I'm not sure how to do that with unix permissions, as I don't have the ability to make new unix groups as I don't have superuser permissions).
目前我正在使用 ssh 将我的本地 git repo 推送和轮询到该服务器。有没有办法让另一个人只读访问服务器?(我想我对我们都有对 repo 的写访问权限很好,虽然我不确定如何使用 unix 权限来做到这一点,因为我没有能力创建新的 unix 组,因为我没有超级用户权限)。
Thank you for your help.
感谢您的帮助。
采纳答案by jonescb
You want to use the git protocol. http://www.kernel.org/pub/software/scm/git/docs/git-daemon.html
你想使用 git 协议。 http://www.kernel.org/pub/software/scm/git/docs/git-daemon.html
It'll be public to everybody, which may not be what you want, but nobody will be able to do a push over git://.
它将对所有人公开,这可能不是您想要的,但没有人能够对 git:// 进行推送。
You can control what branches they can access by only pushing the branches you want to be accessible to it.
I would do this by having a separate clone from your ssh enabled private repository, and then add that as a remote. Then you can do git push pub public-branch, so then private-branchwon't be accessible from that location.
您可以通过只推送您想要访问的分支来控制他们可以访问的分支。
我会通过从启用 ssh 的私有存储库中创建一个单独的克隆来完成此操作,然后将其添加为远程。然后您可以执行git push pub public-branch,因此private-branch将无法从该位置访问。
回答by Eric-Karl
You can set up ACLs to manage the rights on your repositories... There is a lot of details about this topic in the Pro Git book. And according to what I have read so far, yes you can apply this on select branches if you like.
您可以设置 ACL 来管理存储库的权限... Pro Git 书中有很多关于此主题的详细信息。根据我到目前为止所读到的内容,是的,如果您愿意,您可以将其应用到选定的分支上。
回答by Jakub Nar?bski
You can use one of tools for managing git repositorieslike gitosis(in Python) or gitolite(in Perl), which allow for controlling acces to repositories (or you can use your own solution, similar to example update-paranoidupdate hook).
您可以使用其中一种工具来管理 git 存储库,例如gitosis(在 Python 中)或gitolite(在 Perl 中),它们允许控制对存储库的访问(或者您可以使用自己的解决方案,类似于示例更新偏执更新钩子)。
The other solution would be to use one of git hosting sitesthat offer private repositories (e.g. Codasetprovides 1 (semi)private repository in free plan, with 200 MB disk space limit).
另一种解决方案是使用提供私有存储库的git 托管站点之一(例如Codaset在免费计划中提供 1 个(半)私有存储库,磁盘空间限制为 200 MB)。
回答by Jouni K. Sepp?nen
In .ssh/authorized_keys you can specify a command that is always run when a given public key is used to log in. You could probably set this to git-upload-pack /path/to/repo.gitand git pull just might work. There may very well be non-obvious security pitfalls with this approach.
在 .ssh/authorized_keys 中,您可以指定一个在使用给定公钥登录时始终运行的命令。您可以将其设置为git-upload-pack /path/to/repo.gitgit pull 可能会起作用。这种方法很可能存在不明显的安全隐患。
See the sshd manual pagefor the format of the authorized_keys file.
有关authorized_keys 文件的格式,请参阅sshd 手册页。
回答by Chris Kooken
You can have private repositories on Github...they just cost a few dollars a month depending on the # of developers. You can control access VERY easily from there.
您可以在 Github 上拥有私人存储库……根据开发人员的数量,它们每月只需花费几美元。您可以从那里非常轻松地控制访问。
