From: Michael Poole <mdpoole@troilus.org>
To: Eugene Sajine <euguess@gmail.com>
Cc: git@vger.kernel.org
Subject: Re: Git push over git protocol for corporate environment
Date: Wed, 30 Sep 2009 19:54:09 -0400 [thread overview]
Message-ID: <873a64gfa6.fsf@sanosuke.troilus.org> (raw)
In-Reply-To: <76c5b8580909301613m283c4bfdne8de449ca0fd0987@mail.gmail.com> (Eugene Sajine's message of "Wed\, 30 Sep 2009 19\:13\:23 -0400")
Eugene Sajine writes:
[snip]
> My problem is that I need the simplest, easiest and fastest solution
> from setup and maintenance point of view in a situation when we have a
> huge CVS repo with hundreds of modules (projects) in it. My current
> understanding is that we are going to pull out project by project from
> CVS and create corresponding git repos.
> So, this brings us to hundreds of git repos and over 200 hundred
> committers. In this circumstances we don’t want to manage each repo
> separately as well as we don’t want to manage each person write access
> rights to each repo.
> As I understand the best solution here is git protocol (one port only
> on dedicated server and no security as we are in trusted network) with
> read and write access configured for all repos on a dedicated server.
> What do you think I should do? How to enable push over git protocol?
How do you manage permissions now? How would you like to manage
rights under the new system?
I am a git amateur, but I would suggest using git+ssh (git over ssh)
and use group or ACL permissions based on the SSH user account. The
standard git-daemon does not provide authentication or authorization,
so you would have to roll your own -- but git+ssh lets you leverage
the operating system's built-in access controls.
For example, some developers might belong to group A, and others
developers belong to group B. With standard Unix permissions, you
could grant global read but only group-A commit rights to any number
of permissions (by appropriate use of git init --shared).
I have not tried using POSIX ACLs to grant more complicated access
rights for git repositories, but setting default ACL entries on the
directory before running "git init" *should* give good results.
(Others have mentioned Gerrit. I use that at work, and my only major
wish is that it had per-branch rather than per-project access
controls. It is a vast improvement over the Subversion system we had
before.)
Michael Poole
next prev parent reply other threads:[~2009-10-01 0:00 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-09-30 23:13 Git push over git protocol for corporate environment Eugene Sajine
2009-09-30 23:23 ` David Brown
2009-09-30 23:43 ` Jakub Narebski
[not found] ` <00163623ac5d75929b0474e66b96@google.com>
2009-10-02 14:41 ` Eugene Sajine
2009-10-02 14:47 ` Shawn O. Pearce
2009-10-02 15:58 ` Eugene Sajine
2009-10-02 18:54 ` Ismael Luceno
2009-10-04 15:25 ` Jakub Narebski
2009-10-04 16:26 ` Matthieu Moy
2009-09-30 23:54 ` Michael Poole [this message]
2009-10-01 0:06 ` Shawn O. Pearce
2009-10-01 6:29 ` Marius Storm-Olsen
2009-10-01 18:06 ` Shawn O. Pearce
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=873a64gfa6.fsf@sanosuke.troilus.org \
--to=mdpoole@troilus.org \
--cc=euguess@gmail.com \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.