From: Jakub Narebski <jnareb@gmail.com>
To: Thomas Koch <thomas@koch.ro>
Cc: Daniel Barkalow <barkalow@iabervon.org>,
Gary Yang <garyyang6@yahoo.com>,
git@vger.kernel.org
Subject: Re: How to hide a git repository?
Date: Tue, 25 Nov 2008 12:10:43 -0800 (PST) [thread overview]
Message-ID: <m3skpfk1mp.fsf@localhost.localdomain> (raw)
In-Reply-To: <200811252001.37259.thomas@koch.ro>
Thomas Koch <thomas@koch.ro> writes:
> Am Tuesday 25 November 2008 19:38:02 schrieb Daniel Barkalow:
> > On Mon, 24 Nov 2008, Gary Yang wrote:
> > > Do I have to create two git servers? One is for public to download the
> > > released code. For example: gitpub.mycompany.com:/pub/linux/kernel.
> >
> > The public can't generally use this URL, because it's an ssh URL, and they
> > won't be able to connect with ssh. They can only really use
> > git://gitpub.mycompany.com/pub/linux/kernel or something similar.
> >
> > The normal pattern is to have R/W access with ssh and anonymous read
> > access via git://...; you can then have multiple repositories on the same
> > host, with the git server only serving the public one. All of them will be
> > accessible to the ssh methods (restricted by the user's UNIX permissions
> > on the files in those directories).
To control access via SSH protocol (which can be used both for
fetching and for pushing), you can either configure accounts and
user/groups permissions on repository directories, or you can use
external tool like ssh_acl or Gitosis.
To control access via HTTP you can employ authorization and
authentication from your web server; for push this would be matter of
setting up WebDAV.
To control access via anonymous git:// protocol, you can use whitelist
and blacklist mechanism built in git-daemon; by default only
repositories with git-daemon-export-ok in them (in .git) are exported,
if I understand correctly.
Additionally, if protocol is authenticated you can use hooks mechanism
like example contrib/hooks/update-paranoid to restrict access (and
with finer granularity too).
> Do you now of a way to show public repos with gitweb to the public and
> private repos to the staff with the same gitweb installation?
You can quite simply restrict access to some directories/repositories,
or the fact that they are listed in list of all projects for _all_
clients quite easily (see description of GITWEB_EXPORT_OK in
gitweb/README and gitweb/INSTALL).
If you have something more fancy, check out newest gitweb and take a
look at gitweb/INSTALL: you can now, thanks to commit dd7f5f1 by
Alexander Gavrilov, see
http://permalink.gmane.org/gmane.comp.version-control.git/99962
HTH
--
Jakub Narebski
Poland
ShadeHawk on #git
next prev parent reply other threads:[~2008-11-25 20:12 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-11-25 0:32 How to hide a git repository? Gary Yang
2008-11-25 0:37 ` Heikki Orsila
2008-11-25 1:40 ` Gary Yang
2008-11-25 3:58 ` Bruno Cesar Ribas
2008-11-25 2:16 ` Gary Yang
2008-11-25 6:15 ` Nicolas Morey-Chaisemartin
2008-11-25 18:38 ` Daniel Barkalow
2008-11-25 19:01 ` Thomas Koch
2008-11-25 19:08 ` Daniel Barkalow
2008-11-25 20:10 ` Jakub Narebski [this message]
2008-11-25 21:03 ` Junio C Hamano
2008-11-25 21:19 ` Jakub Narebski
2008-11-25 21:46 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m3skpfk1mp.fsf@localhost.localdomain \
--to=jnareb@gmail.com \
--cc=barkalow@iabervon.org \
--cc=garyyang6@yahoo.com \
--cc=git@vger.kernel.org \
--cc=thomas@koch.ro \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.