* Restricted git push ?
@ 2011-07-19 9:36 J. Bakshi
2011-07-19 10:05 ` Sitaram Chamarty
0 siblings, 1 reply; 7+ messages in thread
From: J. Bakshi @ 2011-07-19 9:36 UTC (permalink / raw)
To: git@vger.kernel.org
Hello list,
I have installed a git repo based on the http:// protocol, and both read and write access are based on htpasswd-based authentication. The git repo is "bare" so that push is possible. But I would like to allow push from a limited set of users only, not from all. For the rest, only pull should be possible. Is there any way to achieve this type of ACL?
Thanks
* Re: Restricted git push ?
2011-07-19 9:36 Restricted git push ? J. Bakshi
@ 2011-07-19 10:05 ` Sitaram Chamarty
2011-07-19 10:33 ` J. Bakshi
0 siblings, 1 reply; 7+ messages in thread
From: Sitaram Chamarty @ 2011-07-19 10:05 UTC (permalink / raw)
To: J. Bakshi; +Cc: git@vger.kernel.org
On Tue, Jul 19, 2011 at 3:06 PM, J. Bakshi <joydeep@infoservices.in> wrote:
> Hello list,
>
> I have installed git repo based on http:// protocol and both read+write access is based on a htpasswd based authentication. The git repo is "bare" so that push is possible. But I like to have push from a limited users only, not from all. For the rest, only pull should be possible. Is there any way to achieve this type of ACL ?
man git-http-backend has an example config described thus: "To enable
anonymous read access but authenticated write access...". It
certainly sounds like what you want.
Not sure what sort of http access you have set up, but ideally you
should have used that one to set up your server. If you did, changing
it to work this way should be easy now.
* Re: Restricted git push ?
2011-07-19 10:05 ` Sitaram Chamarty
@ 2011-07-19 10:33 ` J. Bakshi
2011-07-19 10:45 ` J. Bakshi
0 siblings, 1 reply; 7+ messages in thread
From: J. Bakshi @ 2011-07-19 10:33 UTC (permalink / raw)
To: Sitaram Chamarty; +Cc: git@vger.kernel.org
On Tue, 19 Jul 2011 15:35:42 +0530
Sitaram Chamarty <sitaramc@gmail.com> wrote:
> On Tue, Jul 19, 2011 at 3:06 PM, J. Bakshi <joydeep@infoservices.in> wrote:
> > Hello list,
> >
> > I have installed git repo based on http:// protocol and both read+write access is based on a htpasswd based authentication. The git repo is "bare" so that push is possible. But I like to have push from a limited users only, not from all. For the rest, only pull should be possible. Is there any way to achieve this type of ACL ?
>
> man git-http-backend has an example config described thus: "To enable
> anonymous read access but authenticated write access...". It
> certainly sounds like what you want.
>
> Not sure what sort of http access you have setup
I have
``````````
<Location /git>
AuthType Basic
# Message to give to the committer
AuthName "Write access requires a password"
# File listing users with write (commit) access
AuthUserFile /home/svn/PASSWD
Require valid-user
</Location>
``````````
So authentication is required for both read and write. Now, to add one more level to restrict push users, I have added one more restriction like
``````````
<LocationMatch "^/git/.*/git-receive-pack$">
AuthType Basic
# Message to give to the committer
AuthName "Write access requires a password"
# File listing users with write (commit) access
AuthUserFile /home/git/pushACL
Require valid-user
</LocationMatch>
``````````
Read access is working fine, but write access is not. The log reports
``````````
user testuser not found: /git/web.git/info/refs
``````````
Don't know why it is searching at /git/web.git/info/refs !!
* Re: Restricted git push ?
2011-07-19 10:33 ` J. Bakshi
@ 2011-07-19 10:45 ` J. Bakshi
2011-07-19 11:10 ` J. Bakshi
0 siblings, 1 reply; 7+ messages in thread
From: J. Bakshi @ 2011-07-19 10:45 UTC (permalink / raw)
Cc: Sitaram Chamarty, git@vger.kernel.org
On Tue, 19 Jul 2011 16:03:11 +0530
"J. Bakshi" <joydeep@infoservices.in> wrote:
> On Tue, 19 Jul 2011 15:35:42 +0530
> Sitaram Chamarty <sitaramc@gmail.com> wrote:
>
> > On Tue, Jul 19, 2011 at 3:06 PM, J. Bakshi <joydeep@infoservices.in> wrote:
> > > Hello list,
> > >
> > > I have installed git repo based on http:// protocol and both read+write access is based on a htpasswd based authentication. The git repo is "bare" so that push is possible. But I like to have push from a limited users only, not from all. For the rest, only pull should be possible. Is there any way to achieve this type of ACL ?
> >
> > man git-http-backend has an example config described thus: "To enable
> > anonymous read access but authenticated write access...". It
> > certainly sounds like what you want.
> >
> > Not sure what sort of http access you have setup
>
> I have
>
> ``````````
> <Location /git>
> AuthType Basic
> # Message to give to the committer
> AuthName "Write access requires a password"
> # File listing users with write (commit) access
> AuthUserFile /home/svn/PASSWD
> Require valid-user
> </Location>
> ``````````
>
> So authentication is require forman git-http-backend both read and write. Now to use one more level to restrict push user I have added one more restriction like
>
> <LocationMatch "^/git/.*/git-receive-pack$">
> AuthType Basic
> # Message to give to the committer
> AuthName "Write access requires a password"
> # File listing users with write (commit) access
> AuthUserFile /home/git/pushACL
> Require valid-user
> </LocationMatch>
>
> read access is working fine, but write access not. log reports
>
> ````````
> user testuser not found: /git/web.git/info/refs
> ``````````
>
> Don't know why it is searching at /git/web.git/info/refs !!
>
OK, it seems the write authentication is checked twice: once for the first stanza for read access and a second time for the 2nd stanza for write access.
How can I tweak the first stanza only for read access?
* Re: Restricted git push ?
2011-07-19 10:45 ` J. Bakshi
@ 2011-07-19 11:10 ` J. Bakshi
2011-07-19 15:03 ` Sitaram Chamarty
0 siblings, 1 reply; 7+ messages in thread
From: J. Bakshi @ 2011-07-19 11:10 UTC (permalink / raw)
To: Sitaram Chamarty; +Cc: git@vger.kernel.org
On Tue, 19 Jul 2011 16:15:29 +0530
"J. Bakshi" <joydeep@infoservices.in> wrote:
> On Tue, 19 Jul 2011 16:03:11 +0530
> "J. Bakshi" <joydeep@infoservices.in> wrote:
>
> > On Tue, 19 Jul 2011 15:35:42 +0530
> > Sitaram Chamarty <sitaramc@gmail.com> wrote:
> >
> > > On Tue, Jul 19, 2011 at 3:06 PM, J. Bakshi <joydeep@infoservices.in> wrote:
> > > > Hello list,
> > > >
> > > > I have installed git repo based on http:// protocol and both read+write access is based on a htpasswd based authentication. The git repo is "bare" so that push is possible. But I like to have push from a limited users only, not from all. For the rest, only pull should be possible. Is there any way to achieve this type of ACL ?
> > >
> > > man git-http-backend has an example config described thus: "To enable
> > > anonymous read access but authenticated write access...". It
> > > certainly sounds like what you want.
> > >
> > > Not sure what sort of http access you have setup
> >
> > I have
> >
> > ``````````
> > <Location /git>
> > AuthType Basic
> > # Message to give to the committer
> > AuthName "Write access requires a password"
> > # File listing users with write (commit) access
> > AuthUserFile /home/svn/PASSWD
> > Require valid-user
> > </Location>
> > ``````````
> >
> > So authentication is require forman git-http-backend both read and write. Now to use one more level to restrict push user I have added one more restriction like
> >
> > <LocationMatch "^/git/.*/ $">
> > AuthType Basic
> > # Message to give to the committer
> > AuthName "Write access requires a password"
> > # File listing users with write (commit) access
> > AuthUserFile /home/git/pushACL
> > Require valid-user
> > </LocationMatch>
> >
> > read access is working fine, but write access not. log reports
> >
> > ````````
> > user testuser not found: /git/web.git/info/refs
> > ``````````
> >
> > Don't know why it is searching at /git/web.git/info/refs !!
> >
>
> OK, seems the write authentication is checked twice. one for the first stanza for read access and second-time for the 2nd stanza the write access.
> How can I tweak the first stanza only for read access ?
Just like git-receive-pack, is there anything for git pull, clone etc.? Then we can use those to restrict read access separately. Users having read access need not have the write access then.
* Re: Restricted git push ?
2011-07-19 11:10 ` J. Bakshi
@ 2011-07-19 15:03 ` Sitaram Chamarty
2011-07-19 16:06 ` J. Bakshi
0 siblings, 1 reply; 7+ messages in thread
From: Sitaram Chamarty @ 2011-07-19 15:03 UTC (permalink / raw)
To: J. Bakshi; +Cc: git@vger.kernel.org
On Tue, Jul 19, 2011 at 4:40 PM, J. Bakshi <joydeep@infoservices.in> wrote:
> Just like git-receive-pack anything for git pull,clone etc.. ? then we can use those to restrict read access separately. Users having read access need not have the right access then.
git-upload-pack I guess. Maybe git-upload-archive also.
--
Sitaram
* Re: Restricted git push ?
2011-07-19 15:03 ` Sitaram Chamarty
@ 2011-07-19 16:06 ` J. Bakshi
0 siblings, 0 replies; 7+ messages in thread
From: J. Bakshi @ 2011-07-19 16:06 UTC (permalink / raw)
To: Sitaram Chamarty; +Cc: git@vger.kernel.org
On Tue, 19 Jul 2011 20:33:23 +0530
Sitaram Chamarty <sitaramc@gmail.com> wrote:
> On Tue, Jul 19, 2011 at 4:40 PM, J. Bakshi <joydeep@infoservices.in> wrote:
>
> > Just like git-receive-pack anything for git pull,clone etc.. ? then we can use those to restrict read access separately. Users having read access need not have the right access then.
>
> git-upload-pack I guess. Maybe git-upload-archive also.
>
I have tried with git-upload-pack, but it gives an error:
````````````
Cloning into ....
error: RPC failed; result=22, HTTP code = 401
fatal: The remote end hung up unexpectedly
````````````
The configuration I use is
````````````
<LocationMatch "^/git/.*/git-upload-pack$">
AuthType Basic
# Message to give to the committer
AuthName "Write access requires a password"
# File listing users with write (commit) access
AuthUserFile /home/git/pushACL
Require valid-user
</LocationMatch>
````````````
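Added example, not part of the thread and not Apache or git code: a small Python model of which password file the stanzas posted above put in effect for each request of a smart-HTTP push or clone. It assumes the server runs git-http-backend, that `<Location>`/`<LocationMatch>` match the URL path without the query string, and that a later matching section overrides an earlier one's `AuthUserFile`; all function and constant names are hypothetical.

```python
import re
from urllib.parse import urlsplit

PASSWD, PUSH_ACL = "/home/svn/PASSWD", "/home/git/pushACL"

# The two stanzas posted in the thread, in config-file order.
THREAD_STANZAS = [
    ("Location", "/git", PASSWD),
    ("LocationMatch", r"^/git/.*/git-receive-pack$", PUSH_ACL),
]
# The later attempt from the last message, guarding the fetch endpoint.
UPLOAD_STANZAS = [
    ("Location", "/git", PASSWD),
    ("LocationMatch", r"^/git/.*/git-upload-pack$", PUSH_ACL),
]

def auth_file_for(url, stanzas):
    """AuthUserFile in effect for one request (simplified model)."""
    path = urlsplit(url).path          # sections never see "?service=..."
    chosen = None
    for kind, pattern, userfile in stanzas:
        if kind == "Location":
            hit = path == pattern or path.startswith(pattern + "/")
        else:
            hit = re.search(pattern, path) is not None
        if hit:
            chosen = userfile          # assumption: later section overrides
    return chosen

def smart_http_requests(repo, service):
    """The two requests a smart-HTTP client sends for one push or fetch."""
    return [f"{repo}/info/refs?service={service}",   # GET, ref advertisement
            f"{repo}/{service}"]                     # POST, pack exchange

def files_checked(repo, service, stanzas):
    """Password file consulted for each request of the operation, in order."""
    return [auth_file_for(u, stanzas) for u in smart_http_requests(repo, service)]

def can_complete(listed_in, repo, service, stanzas):
    """True if the user appears in every password file the operation hits."""
    return all(f in listed_in for f in files_checked(repo, service, stanzas))

if __name__ == "__main__":
    for svc in ("git-upload-pack", "git-receive-pack"):
        print(svc, files_checked("/git/web.git", svc, THREAD_STANZAS))
```

In this model a push is checked against `/home/svn/PASSWD` on `info/refs` before `/home/git/pushACL` is ever consulted, so a user listed only in `pushACL` fails at the first request, and a clone under the `git-upload-pack` stanza needs the user in both files.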