问题
I have a server with six Git repositories, to which I have read+write access through a single SSH account, all in /opt/git/, all owned by the SSH account.
I'd like to give somebody else read+write access the a few of the repositories, but not to all.
- How do I create a new SSH user that has access to only a few select repositories?
- Can I use filepermissions (currently 0755) to control this type of access?
- Are there any best practices?
It's unlikely we'll have a third developer for quite a while, atleast not before we get a proper sysadmin, so it's okay if it's "good enough for now".
回答1:
That would be best managed by gitolite (an authorization layer), which would allow you to configure a list of:
- ssh user keys
- repositories
And associate the users you want to the right repos.
All users would still access those repos through ssh with the account git, but using their own public/private ssh keys (registered in gitolite config file), generated with a command similar to:
ssh-keygen -t rsa -f "${H}/.ssh/myLogin" -C "My Gitolite access (not interactive)" -q -P ""
Each user would set up a %HOME%/.ssh/config file in order to reference myLogin/myLogin.pub keys.
来源:https://stackoverflow.com/questions/16169962/selective-access-to-git-repository-based-on-ssh