From: "J. Bakshi" <joydeep@infoservices.in>
To: Sitaram Chamarty <sitaramc@gmail.com>
Cc: "git@vger.kernel.org" <git@vger.kernel.org>
Subject: Re: Restricted git push ?
Date: Tue, 19 Jul 2011 16:03:11 +0530 [thread overview]
Message-ID: <20110719160311.10f2364d@shiva.selfip.org> (raw)
In-Reply-To: <CAMK1S_jsv-pFy6bNPG=EK=4YsJOh3GUZ+_DAq6n36ajWuhyNaQ@mail.gmail.com>
On Tue, 19 Jul 2011 15:35:42 +0530
Sitaram Chamarty <sitaramc@gmail.com> wrote:
> On Tue, Jul 19, 2011 at 3:06 PM, J. Bakshi <joydeep@infoservices.in> wrote:
> > Hello list,
> >
> > I have installed git repo based on http:// protocol and both read+write access is based on a htpasswd based authentication. The git repo is "bare" so that push is possible. But I like to have push from a limited users only, not from all. For the rest, only pull should be possible. Is there any way to achieve this type of ACL ?
>
> man git-http-backend has an example config described thus: "To enable
> anonymous read access but authenticated write access...". It
> certainly sounds like what you want.
>
> Not sure what sort of http access you have setup
I have
``````````
<Location /git>
AuthType Basic
# Message to give to the committer
AuthName "Write access requires a password"
# File listing users with write (commit) access
AuthUserFile /home/svn/PASSWD
Require valid-user
</Location>
``````````
So authentication is require forman git-http-backend both read and write. Now to use one more level to restrict push user I have added one more restriction like
<LocationMatch "^/git/.*/git-receive-pack$">
AuthType Basic
# Message to give to the committer
AuthName "Write access requires a password"
# File listing users with write (commit) access
AuthUserFile /home/git/pushACL
Require valid-user
</LocationMatch>
read access is working fine, but write access not. log reports
````````
user testuser not found: /git/web.git/info/refs
``````````
Don't know why it is searching at /git/web.git/info/refs !!
next prev parent reply other threads:[~2011-07-19 10:33 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-07-19 9:36 Restricted git push ? J. Bakshi
2011-07-19 10:05 ` Sitaram Chamarty
2011-07-19 10:33 ` J. Bakshi [this message]
2011-07-19 10:45 ` J. Bakshi
2011-07-19 11:10 ` J. Bakshi
2011-07-19 15:03 ` Sitaram Chamarty
2011-07-19 16:06 ` J. Bakshi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110719160311.10f2364d@shiva.selfip.org \
--to=joydeep@infoservices.in \
--cc=git@vger.kernel.org \
--cc=sitaramc@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).