发表新帖
发表新帖

How to make a git repository read-only?

前端 未结
关注
9 829
执念已碎
执念已碎 2020-12-02 15:09

I have some git repositories accessed remotely through SSH and I want to make some of them read-only to prevent more pushes. Some people have remotes pointing to these repos

相关标签:
9条回答
  • 被撕碎了的回忆
    2020-12-02 15:43

    If you need access control as well, check out gitosis. Pretty easy to set-up and you can use a simple script to control who can do what.

    0 讨论(0)
  • 花落未央
    2020-12-02 15:43

    Recently I used limiting access to path "/repo.git/git-receive-pack" to achive result that the repository is read-write for some users and read-only for some others. In httpd config it looks like this:

        <Location /repo.git/>
            Require group developers developers-ro
    </Location>

    <Location /repo.git/git-receive-pack>
            Require group developers
    </Location>
    0 讨论(0)
  • 一个人的身影
    2020-12-02 15:45

    A pre-receive hook that simply prints an informative message and exits with a non zero status does the job.

    Assuming you put some meaningful information in your message, it also cuts down on the queries from frustrated users asking why they can't push:

    #!/bin/bash
echo "=================================================="
echo "This repository is no longer available for pushes."
echo "Please visit blah blah yadda yadda ...."
echo "=================================================="
exit 1

    Remember to set the executable permission for the script and to make sure is owned by the right user and/or group, or else it will not execute and will not give any warning.

    0 讨论(0)
  • 说谎
    2020-12-02 15:50

    Since git relies primarily on the filesystem for access control, that will work. Note that in your permissions, the world has no access to the file, but the user and group have read/write access. If you want world-readable, your permissions should be 0444.

    You could do further fine-grained control by setting the repo permissions as 0664 where the user is nobody and the group is something like gitdevs. Then, only people in the gitdevs group will have the ability to write to the repo, but the world can read from it.

    Follow-up Here is a link that covers various ways to share your repo and covers come pro's & cons and access control features.

    0 讨论(0)
  • 渐次进展
    2020-12-02 15:55 
    chmod -R a-w /path/to/repo.git
    0 讨论(0)
  • 太阳男子
    2020-12-02 16:02

    As I am just a user of our GitLab (and I didn't wanted to bother the admins in the first step), I searched for another way and found one:

    • Open the GitLab webinterface and go to the repository you want to set to read-only
    • Choose Settings > Repository
    • Expand Protected Branches
    • Add the master branch and set Allowed to merge and Allowed to push to No one
    • If the master branch is protected already, you can set these values in the list below
    0 讨论(0)
 看不清?
提交回复
热议问题