问题
I'm not sure if this should go here, or on superuser (as it seems to pertain to both topics), so I've put it here, if it's not appropriate, I'll go ask it on superuser.
Anyway, I have a git repository that can't go completely open source (otherwise I would just put it on github and be done with it), and I have a server that I have ssh access (but not superuser access) to, this server has all of the git binaries already on it. I need to give someone read-only access to this git-repo (or at least read-only access to some of the branches, although I would imagine that's a lot harder).
Currently I'm using ssh to push and poll my local git repo to this server. Is there any way to give another person read only access to the server? (I suppose I am fine with us both having write access to the repo, although I'm not sure how to do that with unix permissions, as I don't have the ability to make new unix groups as I don't have superuser permissions).
Thank you for your help.
回答1:
You want to use the git protocol. http://www.kernel.org/pub/software/scm/git/docs/git-daemon.html
It'll be public to everybody, which may not be what you want, but nobody will be able to do a push over git://.
You can control what branches they can access by only pushing the branches you want to be accessible to it.
I would do this by having a separate clone from your ssh enabled private repository, and then add that as a remote. Then you can do git push pub public-branch, so then private-branch won't be accessible from that location.
回答2:
In .ssh/authorized_keys you can specify a command that is always run when a given public key is used to log in. You could probably set this to git-upload-pack /path/to/repo.git and git pull just might work. There may very well be non-obvious security pitfalls with this approach.
See the sshd manual page for the format of the authorized_keys file.
回答3:
You can set up ACLs to manage the rights on your repositories... There is a lot of details about this topic in the Pro Git book. And according to what I have read so far, yes you can apply this on select branches if you like.
回答4:
You can use one of tools for managing git repositories like gitosis (in Python) or gitolite (in Perl), which allow for controlling acces to repositories (or you can use your own solution, similar to example update-paranoid update hook).
The other solution would be to use one of git hosting sites that offer private repositories (e.g. Codaset provides 1 (semi)private repository in free plan, with 200 MB disk space limit).
回答5:
You can have private repositories on Github...they just cost a few dollars a month depending on the # of developers. You can control access VERY easily from there.
来源:https://stackoverflow.com/questions/3908528/give-read-only-access-to-a-git-repository